[
  {
    "Target": "665d5f32d98e (ubuntu 20.04)",
    "Type": "ubuntu",
    "Vulnerabilities": [
      {
        "VulnerabilityID": "CVE-2019-17567",
        "PkgName": "apache2-utils",
        "InstalledVersion": "2.4.41-4ubuntu3.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-17567",
        "Title": "httpd: mod_proxy_wstunnel tunneling of non Upgraded connection",
        "Description": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-444"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "V3Score": 4.8
          }
        },
        "References": [
          "http://httpd.apache.org/security/vulnerabilities_24.html",
          "http://www.openwall.com/lists/oss-security/2021/06/10/2",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567",
          "https://httpd.apache.org/security/vulnerabilities_24.html",
          "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-17567",
          "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E",
          "https://lists.apache.org/thread.html/r90f693a5c9fb75550ef1412436d5e682a5f845beb427fa6f23419a3c@%3Cannounce.httpd.apache.org%3E",
          "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
        ],
        "PublishedDate": "2021-06-10T07:15:00Z",
        "LastModifiedDate": "2021-06-16T13:23:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-18276",
        "PkgName": "bash",
        "InstalledVersion": "5.0-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-18276",
        "Title": "bash: when effective UID is not equal to its real UID the saved UID is not dropped",
        "Description": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-273"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.2,
            "V3Score": 7.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 7.8
          }
        },
        "References": [
          "http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276",
          "https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff",
          "https://linux.oracle.com/cve/CVE-2019-18276.html",
          "https://linux.oracle.com/errata/ELSA-2021-1679.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/202105-34",
          "https://security.netapp.com/advisory/ntap-20200430-0003/",
          "https://www.youtube.com/watch?v=-wGtxJ8opa8"
        ],
        "PublishedDate": "2019-11-28T01:15:00Z",
        "LastModifiedDate": "2021-05-26T12:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13716",
        "PkgName": "binutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
        "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
        "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
        ],
        "PublishedDate": "2017-08-28T21:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20657",
        "PkgName": "binutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
        "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
        "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106444",
          "https://access.redhat.com/errata/RHSA-2019:3352",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657",
          "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
          "https://linux.oracle.com/cve/CVE-2018-20657.html",
          "https://linux.oracle.com/errata/ELSA-2019-3352.html",
          "https://support.f5.com/csp/article/K62602089"
        ],
        "PublishedDate": "2019-01-02T14:29:00Z",
        "LastModifiedDate": "2019-11-06T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010204",
        "PkgName": "binutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
        "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
        "Description": "GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125",
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204",
          "https://linux.oracle.com/cve/CVE-2019-1010204.html",
          "https://linux.oracle.com/errata/ELSA-2020-1797.html",
          "https://security.netapp.com/advisory/ntap-20190822-0001/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
          "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026utm_medium=RSS"
        ],
        "PublishedDate": "2019-07-23T14:15:00Z",
        "LastModifiedDate": "2019-08-22T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3487",
        "PkgName": "binutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3487",
        "Title": "binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()",
        "Description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20",
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
        ],
        "PublishedDate": "2021-04-15T14:15:00Z",
        "LastModifiedDate": "2021-05-04T12:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13716",
        "PkgName": "binutils-common",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
        "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
        "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
        ],
        "PublishedDate": "2017-08-28T21:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20657",
        "PkgName": "binutils-common",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
        "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
        "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106444",
          "https://access.redhat.com/errata/RHSA-2019:3352",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657",
          "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
          "https://linux.oracle.com/cve/CVE-2018-20657.html",
          "https://linux.oracle.com/errata/ELSA-2019-3352.html",
          "https://support.f5.com/csp/article/K62602089"
        ],
        "PublishedDate": "2019-01-02T14:29:00Z",
        "LastModifiedDate": "2019-11-06T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010204",
        "PkgName": "binutils-common",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
        "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
        "Description": "GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125",
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204",
          "https://linux.oracle.com/cve/CVE-2019-1010204.html",
          "https://linux.oracle.com/errata/ELSA-2020-1797.html",
          "https://security.netapp.com/advisory/ntap-20190822-0001/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
          "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026utm_medium=RSS"
        ],
        "PublishedDate": "2019-07-23T14:15:00Z",
        "LastModifiedDate": "2019-08-22T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3487",
        "PkgName": "binutils-common",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3487",
        "Title": "binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()",
        "Description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20",
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
        ],
        "PublishedDate": "2021-04-15T14:15:00Z",
        "LastModifiedDate": "2021-05-04T12:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13716",
        "PkgName": "binutils-x86-64-linux-gnu",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
        "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
        "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
        ],
        "PublishedDate": "2017-08-28T21:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20657",
        "PkgName": "binutils-x86-64-linux-gnu",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
        "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
        "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106444",
          "https://access.redhat.com/errata/RHSA-2019:3352",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657",
          "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
          "https://linux.oracle.com/cve/CVE-2018-20657.html",
          "https://linux.oracle.com/errata/ELSA-2019-3352.html",
          "https://support.f5.com/csp/article/K62602089"
        ],
        "PublishedDate": "2019-01-02T14:29:00Z",
        "LastModifiedDate": "2019-11-06T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010204",
        "PkgName": "binutils-x86-64-linux-gnu",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
        "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
        "Description": "GNU binutils gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125",
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204",
          "https://linux.oracle.com/cve/CVE-2019-1010204.html",
          "https://linux.oracle.com/errata/ELSA-2020-1797.html",
          "https://security.netapp.com/advisory/ntap-20190822-0001/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
          "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026utm_medium=RSS"
        ],
        "PublishedDate": "2019-07-23T14:15:00Z",
        "LastModifiedDate": "2019-08-22T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3487",
        "PkgName": "binutils-x86-64-linux-gnu",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3487",
        "Title": "binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()",
        "Description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20",
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
        ],
        "PublishedDate": "2021-04-15T14:15:00Z",
        "LastModifiedDate": "2021-05-04T12:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-2781",
        "PkgName": "coreutils",
        "InstalledVersion": "8.30-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781",
        "Title": "coreutils: Non-privileged session can escape to the parent session in chroot",
        "Description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
            "V2Score": 2.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V2Vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "V2Score": 6.2,
            "V3Score": 8.6
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2016/q1/452",
          "http://www.openwall.com/lists/oss-security/2016/02/28/2",
          "http://www.openwall.com/lists/oss-security/2016/02/28/3",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lore.kernel.org/patchwork/patch/793178/"
        ],
        "PublishedDate": "2017-02-07T15:59:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "cpp",
        "InstalledVersion": "1.185.1ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "cpp-8",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "cpp-9",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-22898",
        "PkgName": "curl",
        "InstalledVersion": "7.68.0-1ubuntu2.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22898",
        "Title": "curl: TELNET stack contents disclosure",
        "Description": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-909"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "V3Score": 3.1
          }
        },
        "References": [
          "https://curl.se/docs/CVE-2021-22898.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898",
          "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde",
          "https://hackerone.com/reports/1176461",
          "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
        ],
        "PublishedDate": "2021-06-11T16:15:00Z",
        "LastModifiedDate": "2021-06-22T16:23:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "dirmngr",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "g++",
        "InstalledVersion": "1.185.1ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "g++-9",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "gcc",
        "InstalledVersion": "1.185.1ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "gcc-8",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "gcc-8-base",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "gcc-9",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "gcc-9-base",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "gfortran-8",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-1000021",
        "PkgName": "git",
        "InstalledVersion": "1:2.32.0-1~ppa0~ubuntu20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000021",
        "Title": "git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands",
        "Description": "GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from a messed-up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "V3Score": 5
          }
        },
        "References": [
          "http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021"
        ],
        "PublishedDate": "2018-02-09T23:29:00Z",
        "LastModifiedDate": "2018-03-06T19:34:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-1000021",
        "PkgName": "git-man",
        "InstalledVersion": "1:2.32.0-1~ppa0~ubuntu20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000021",
        "Title": "git: client prints server-sent ANSI escape codes to the terminal, allowing for unverified messages to potentially execute arbitrary commands",
        "Description": "GIT version 2.15.1 and earlier contains an Input Validation Error vulnerability in the client that can result in problems ranging from a messed-up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "V3Score": 5
          }
        },
        "References": [
          "http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021"
        ],
        "PublishedDate": "2018-02-09T23:29:00Z",
        "LastModifiedDate": "2018-03-06T19:34:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gnupg",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gnupg-agent",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gnupg-l10n",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gnupg-utils",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gnupg2",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpg",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpg-agent",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpg-wks-client",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpg-wks-server",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpgconf",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpgsm",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-13050",
        "PkgName": "gpgv",
        "InstalledVersion": "2.2.19-3ubuntu2.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-13050",
        "Title": "GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS",
        "Description": "Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-295"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00039.html",
          "https://access.redhat.com/articles/4264021",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13050",
          "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f",
          "https://linux.oracle.com/cve/CVE-2019-13050.html",
          "https://linux.oracle.com/errata/ELSA-2020-4490.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUK2YRO6QIH64WP2LRA5D4LACTXQPPU4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CP4ON34YEXEZDZOXXWV43KVGGO6WZLJ5/",
          "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html",
          "https://support.f5.com/csp/article/K08654551",
          "https://support.f5.com/csp/article/K08654551?utm_source=f5support\u0026utm_medium=RSS",
          "https://twitter.com/lambdafu/status/1147162583969009664"
        ],
        "PublishedDate": "2019-06-29T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:05:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-17507",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17507",
        "Title": "hdf5: Out-of-bounds read in the H5T_conv_struct_opt function",
        "Description": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507",
          "https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md",
          "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
        ],
        "PublishedDate": "2017-12-11T03:29:00Z",
        "LastModifiedDate": "2017-12-19T20:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17233",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17233",
        "Title": "hdf5: SIGFPE signal in H5D__create_chunk_file_map_hyper() of H5Dchunk.c",
        "Description": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2018-11-21T18:50:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17234",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17234",
        "Title": "hdf5: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c",
        "Description": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17432",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17432",
        "Title": "hdf5: NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c",
        "Description": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17433",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17433",
        "Title": "hdf5: heap-based buffer overflow in ReadGifImageDesc() in gifread.c",
        "Description": "A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17434",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17434",
        "Title": "hdf5: SIGFPE signal in apply_filters() in h5repack_filters.c",
        "Description": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-28T21:20:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17437",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17437",
        "Title": "hdf5: memory leak in H5O_dtype_decode_helper() in H5Odtype.c",
        "Description": "Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17438",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17438",
        "Title": "hdf5: SIGFPE signal in function H5D__select_io() of H5Dselect.c",
        "Description": "A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:56:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-8397",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8397",
        "Title": "hdf5: Out-of-Bounds Read in function H5T_close_real in H5T.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul5"
        ],
        "PublishedDate": "2019-02-17T06:29:00Z",
        "LastModifiedDate": "2019-02-19T21:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9151",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9151",
        "Title": "hdf5: out of bounds read in function H5VM_memcpyvv in H5VM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:18:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9152",
        "PkgName": "hdf5-helpers",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9152",
        "Title": "hdf5: out of bounds read in function H5MM_xstrdup in H5MM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul8"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:17:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "krb5-multidev",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-1585",
        "PkgName": "libapparmor1",
        "InstalledVersion": "2.13.3-7ubuntu5.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-1585",
        "Description": "In all versions of AppArmor mount rules are accidentally widened when compiled.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-254"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.5,
            "V3Score": 9.8
          }
        },
        "References": [
          "https://bugs.launchpad.net/apparmor/+bug/1597017",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1585",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2019-04-22T16:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "libasan5",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3468",
        "PkgName": "libavahi-client3",
        "InstalledVersion": "0.7-4ubuntu7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3468",
        "Title": "avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket",
        "Description": "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1939614",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468"
        ],
        "PublishedDate": "2021-06-02T16:15:00Z",
        "LastModifiedDate": "2021-06-09T20:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3468",
        "PkgName": "libavahi-common-data",
        "InstalledVersion": "0.7-4ubuntu7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3468",
        "Title": "avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket",
        "Description": "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1939614",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468"
        ],
        "PublishedDate": "2021-06-02T16:15:00Z",
        "LastModifiedDate": "2021-06-09T20:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3468",
        "PkgName": "libavahi-common3",
        "InstalledVersion": "0.7-4ubuntu7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3468",
        "Title": "avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket",
        "Description": "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1939614",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468"
        ],
        "PublishedDate": "2021-06-02T16:15:00Z",
        "LastModifiedDate": "2021-06-09T20:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3468",
        "PkgName": "libavahi-glib1",
        "InstalledVersion": "0.7-4ubuntu7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3468",
        "Title": "avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket",
        "Description": "A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1939614",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468"
        ],
        "PublishedDate": "2021-06-02T16:15:00Z",
        "LastModifiedDate": "2021-06-09T20:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13716",
        "PkgName": "libbinutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
        "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
        "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
        ],
        "PublishedDate": "2017-08-28T21:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20657",
        "PkgName": "libbinutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
        "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
        "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106444",
          "https://access.redhat.com/errata/RHSA-2019:3352",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657",
          "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
          "https://linux.oracle.com/cve/CVE-2018-20657.html",
          "https://linux.oracle.com/errata/ELSA-2019-3352.html",
          "https://support.f5.com/csp/article/K62602089"
        ],
        "PublishedDate": "2019-01-02T14:29:00Z",
        "LastModifiedDate": "2019-11-06T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010204",
        "PkgName": "libbinutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
        "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
        "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125",
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204",
          "https://linux.oracle.com/cve/CVE-2019-1010204.html",
          "https://linux.oracle.com/errata/ELSA-2020-1797.html",
          "https://security.netapp.com/advisory/ntap-20190822-0001/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
          "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026utm_medium=RSS"
        ],
        "PublishedDate": "2019-07-23T14:15:00Z",
        "LastModifiedDate": "2019-08-22T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3487",
        "PkgName": "libbinutils",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3487",
        "Title": "binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()",
        "Description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20",
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
        ],
        "PublishedDate": "2021-04-15T14:15:00Z",
        "LastModifiedDate": "2021-05-04T12:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-10228",
        "PkgName": "libc-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228",
        "Title": "glibc: iconv program can hang when invoked with the -c option",
        "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/03/01/10",
          "http://www.securityfocus.com/bid/96525",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228",
          "https://linux.oracle.com/cve/CVE-2016-10228.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2017-03-02T01:59:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-25013",
        "PkgName": "libc-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013",
        "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
        "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013",
          "https://linux.oracle.com/cve/CVE-2019-25013.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
        ],
        "PublishedDate": "2021-01-04T18:15:00Z",
        "LastModifiedDate": "2021-06-22T14:47:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-27618",
        "PkgName": "libc-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618",
        "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618",
          "https://linux.oracle.com/cve/CVE-2020-27618.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://security.netapp.com/advisory/ntap-20210401-0006/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2021-02-26T23:15:00Z",
        "LastModifiedDate": "2021-04-01T08:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-29562",
        "PkgName": "libc-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29562",
        "Title": "glibc: assertion failure in iconv when converting invalid UCS4",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 4.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://security.netapp.com/advisory/ntap-20210122-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26923",
          "https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html"
        ],
        "PublishedDate": "2020-12-04T07:15:00Z",
        "LastModifiedDate": "2021-03-19T18:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-6096",
        "PkgName": "libc-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096",
        "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
        "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-191"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/attachment.cgi?id=12334",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=25620",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019",
          "https://ubuntu.com/security/notices/USN-4954-1",
          "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
        ],
        "PublishedDate": "2020-04-01T22:15:00Z",
        "LastModifiedDate": "2021-03-04T20:46:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-27645",
        "PkgName": "libc-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645",
        "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
        "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 1.9,
            "V3Score": 2.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=27462"
        ],
        "PublishedDate": "2021-02-24T15:15:00Z",
        "LastModifiedDate": "2021-05-22T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-10228",
        "PkgName": "libc-dev-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228",
        "Title": "glibc: iconv program can hang when invoked with the -c option",
        "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/03/01/10",
          "http://www.securityfocus.com/bid/96525",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228",
          "https://linux.oracle.com/cve/CVE-2016-10228.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2017-03-02T01:59:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-25013",
        "PkgName": "libc-dev-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013",
        "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
        "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013",
          "https://linux.oracle.com/cve/CVE-2019-25013.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
        ],
        "PublishedDate": "2021-01-04T18:15:00Z",
        "LastModifiedDate": "2021-06-22T14:47:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-27618",
        "PkgName": "libc-dev-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618",
        "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618",
          "https://linux.oracle.com/cve/CVE-2020-27618.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://security.netapp.com/advisory/ntap-20210401-0006/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2021-02-26T23:15:00Z",
        "LastModifiedDate": "2021-04-01T08:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-29562",
        "PkgName": "libc-dev-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29562",
        "Title": "glibc: assertion failure in iconv when converting invalid UCS4",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 4.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://security.netapp.com/advisory/ntap-20210122-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26923",
          "https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html"
        ],
        "PublishedDate": "2020-12-04T07:15:00Z",
        "LastModifiedDate": "2021-03-19T18:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-6096",
        "PkgName": "libc-dev-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096",
        "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
        "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-191"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/attachment.cgi?id=12334",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=25620",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019",
          "https://ubuntu.com/security/notices/USN-4954-1",
          "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
        ],
        "PublishedDate": "2020-04-01T22:15:00Z",
        "LastModifiedDate": "2021-03-04T20:46:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-27645",
        "PkgName": "libc-dev-bin",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645",
        "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
        "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 1.9,
            "V3Score": 2.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=27462"
        ],
        "PublishedDate": "2021-02-24T15:15:00Z",
        "LastModifiedDate": "2021-05-22T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-10228",
        "PkgName": "libc6",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228",
        "Title": "glibc: iconv program can hang when invoked with the -c option",
        "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/03/01/10",
          "http://www.securityfocus.com/bid/96525",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228",
          "https://linux.oracle.com/cve/CVE-2016-10228.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2017-03-02T01:59:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-25013",
        "PkgName": "libc6",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013",
        "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
        "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013",
          "https://linux.oracle.com/cve/CVE-2019-25013.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
        ],
        "PublishedDate": "2021-01-04T18:15:00Z",
        "LastModifiedDate": "2021-06-22T14:47:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-27618",
        "PkgName": "libc6",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618",
        "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618",
          "https://linux.oracle.com/cve/CVE-2020-27618.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://security.netapp.com/advisory/ntap-20210401-0006/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2021-02-26T23:15:00Z",
        "LastModifiedDate": "2021-04-01T08:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-29562",
        "PkgName": "libc6",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29562",
        "Title": "glibc: assertion failure in iconv when converting invalid UCS4",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 4.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://security.netapp.com/advisory/ntap-20210122-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26923",
          "https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html"
        ],
        "PublishedDate": "2020-12-04T07:15:00Z",
        "LastModifiedDate": "2021-03-19T18:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-6096",
        "PkgName": "libc6",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096",
        "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
        "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-191"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/attachment.cgi?id=12334",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=25620",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019",
          "https://ubuntu.com/security/notices/USN-4954-1",
          "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
        ],
        "PublishedDate": "2020-04-01T22:15:00Z",
        "LastModifiedDate": "2021-03-04T20:46:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-27645",
        "PkgName": "libc6",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645",
        "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
        "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 1.9,
            "V3Score": 2.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=27462"
        ],
        "PublishedDate": "2021-02-24T15:15:00Z",
        "LastModifiedDate": "2021-05-22T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-10228",
        "PkgName": "libc6-dev",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228",
        "Title": "glibc: iconv program can hang when invoked with the -c option",
        "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/03/01/10",
          "http://www.securityfocus.com/bid/96525",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228",
          "https://linux.oracle.com/cve/CVE-2016-10228.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2017-03-02T01:59:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-25013",
        "PkgName": "libc6-dev",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013",
        "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
        "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013",
          "https://linux.oracle.com/cve/CVE-2019-25013.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
        ],
        "PublishedDate": "2021-01-04T18:15:00Z",
        "LastModifiedDate": "2021-06-22T14:47:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-27618",
        "PkgName": "libc6-dev",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618",
        "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618",
          "https://linux.oracle.com/cve/CVE-2020-27618.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://security.netapp.com/advisory/ntap-20210401-0006/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2021-02-26T23:15:00Z",
        "LastModifiedDate": "2021-04-01T08:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-29562",
        "PkgName": "libc6-dev",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29562",
        "Title": "glibc: assertion failure in iconv when converting invalid UCS4",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 4.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://security.netapp.com/advisory/ntap-20210122-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26923",
          "https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html"
        ],
        "PublishedDate": "2020-12-04T07:15:00Z",
        "LastModifiedDate": "2021-03-19T18:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-6096",
        "PkgName": "libc6-dev",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096",
        "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
        "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-191"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/attachment.cgi?id=12334",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=25620",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019",
          "https://ubuntu.com/security/notices/USN-4954-1",
          "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
        ],
        "PublishedDate": "2020-04-01T22:15:00Z",
        "LastModifiedDate": "2021-03-04T20:46:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-27645",
        "PkgName": "libc6-dev",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645",
        "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
        "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 1.9,
            "V3Score": 2.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=27462"
        ],
        "PublishedDate": "2021-02-24T15:15:00Z",
        "LastModifiedDate": "2021-05-22T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-7475",
        "PkgName": "libcairo-gobject2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7475",
        "Title": "cairo: NULL pointer dereference with a crafted font file",
        "Description": "Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2017/q2/151",
          "https://bugs.freedesktop.org/show_bug.cgi?id=100763",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475",
          "https://github.com/advisories/GHSA-5v3f-73gv-x7x5",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://nvd.nist.gov/vuln/detail/CVE-2017-7475"
        ],
        "PublishedDate": "2017-05-19T20:29:00Z",
        "LastModifiedDate": "2021-03-04T21:09:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-9814",
        "PkgName": "libcairo-gobject2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9814",
        "Title": "cairo: Out-of-bounds read due to mishandling of unexpected malloc(0) call",
        "Description": "cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00042.html",
          "https://bugs.freedesktop.org/show_bug.cgi?id=101547",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9814",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/201904-01"
        ],
        "PublishedDate": "2017-07-17T13:18:00Z",
        "LastModifiedDate": "2021-03-04T21:09:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-18064",
        "PkgName": "libcairo-gobject2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18064",
        "Title": "cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document",
        "Description": "cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18064",
          "https://gitlab.freedesktop.org/cairo/cairo/issues/341",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-10-08T18:29:00Z",
        "LastModifiedDate": "2021-03-15T22:28:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-6461",
        "PkgName": "libcairo-gobject2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6461",
        "Title": "cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c",
        "Description": "An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6461",
          "https://github.com/TeamSeri0us/pocs/tree/master/gerbv",
          "https://gitlab.freedesktop.org/cairo/cairo/issues/352",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2019-01-16T18:29:00Z",
        "LastModifiedDate": "2021-03-04T17:24:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-6462",
        "PkgName": "libcairo-gobject2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6462",
        "Title": "cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c",
        "Description": "An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462",
          "https://github.com/TeamSeri0us/pocs/tree/master/gerbv",
          "https://gitlab.freedesktop.org/cairo/cairo/issues/353",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2019-01-16T18:29:00Z",
        "LastModifiedDate": "2021-03-04T17:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-7475",
        "PkgName": "libcairo2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-7475",
        "Title": "cairo: NULL pointer dereference with a crafted font file",
        "Description": "Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2017/q2/151",
          "https://bugs.freedesktop.org/show_bug.cgi?id=100763",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475",
          "https://github.com/advisories/GHSA-5v3f-73gv-x7x5",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://nvd.nist.gov/vuln/detail/CVE-2017-7475"
        ],
        "PublishedDate": "2017-05-19T20:29:00Z",
        "LastModifiedDate": "2021-03-04T21:09:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-9814",
        "PkgName": "libcairo2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9814",
        "Title": "cairo: Out-of-bounds read due to mishandling of unexpected malloc(0) call",
        "Description": "cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00042.html",
          "https://bugs.freedesktop.org/show_bug.cgi?id=101547",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9814",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/201904-01"
        ],
        "PublishedDate": "2017-07-17T13:18:00Z",
        "LastModifiedDate": "2021-03-04T21:09:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-18064",
        "PkgName": "libcairo2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-18064",
        "Title": "cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document",
        "Description": "cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18064",
          "https://gitlab.freedesktop.org/cairo/cairo/issues/341",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-10-08T18:29:00Z",
        "LastModifiedDate": "2021-03-15T22:28:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-6461",
        "PkgName": "libcairo2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6461",
        "Title": "cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c",
        "Description": "An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6461",
          "https://github.com/TeamSeri0us/pocs/tree/master/gerbv",
          "https://gitlab.freedesktop.org/cairo/cairo/issues/352",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2019-01-16T18:29:00Z",
        "LastModifiedDate": "2021-03-04T17:24:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-6462",
        "PkgName": "libcairo2",
        "InstalledVersion": "1.16.0-4ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6462",
        "Title": "cairo: infinite loop in the function _arc_error_normalized in the file cairo-arc.c",
        "Description": "An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6462",
          "https://github.com/TeamSeri0us/pocs/tree/master/gerbv",
          "https://gitlab.freedesktop.org/cairo/cairo/issues/353",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2019-01-16T18:29:00Z",
        "LastModifiedDate": "2021-03-04T17:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13716",
        "PkgName": "libctf-nobfd0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
        "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
        "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
        ],
        "PublishedDate": "2017-08-28T21:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20657",
        "PkgName": "libctf-nobfd0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
        "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
        "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106444",
          "https://access.redhat.com/errata/RHSA-2019:3352",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657",
          "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
          "https://linux.oracle.com/cve/CVE-2018-20657.html",
          "https://linux.oracle.com/errata/ELSA-2019-3352.html",
          "https://support.f5.com/csp/article/K62602089"
        ],
        "PublishedDate": "2019-01-02T14:29:00Z",
        "LastModifiedDate": "2019-11-06T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010204",
        "PkgName": "libctf-nobfd0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
        "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
        "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125",
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204",
          "https://linux.oracle.com/cve/CVE-2019-1010204.html",
          "https://linux.oracle.com/errata/ELSA-2020-1797.html",
          "https://security.netapp.com/advisory/ntap-20190822-0001/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
          "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026utm_medium=RSS"
        ],
        "PublishedDate": "2019-07-23T14:15:00Z",
        "LastModifiedDate": "2019-08-22T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3487",
        "PkgName": "libctf-nobfd0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3487",
        "Title": "binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()",
        "Description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20",
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
        ],
        "PublishedDate": "2021-04-15T14:15:00Z",
        "LastModifiedDate": "2021-05-04T12:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13716",
        "PkgName": "libctf0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13716",
        "Title": "binutils: Memory leak with the C++ symbol demangler routine in libiberty",
        "Description": "The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=22009"
        ],
        "PublishedDate": "2017-08-28T21:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-20657",
        "PkgName": "libctf0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-20657",
        "Title": "libiberty: Memory leak in demangle_template function resulting in a denial of service",
        "Description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106444",
          "https://access.redhat.com/errata/RHSA-2019:3352",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20657",
          "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539",
          "https://linux.oracle.com/cve/CVE-2018-20657.html",
          "https://linux.oracle.com/errata/ELSA-2019-3352.html",
          "https://support.f5.com/csp/article/K62602089"
        ],
        "PublishedDate": "2019-01-02T14:29:00Z",
        "LastModifiedDate": "2019-11-06T01:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-1010204",
        "PkgName": "libctf0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010204",
        "Title": "binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service",
        "Description": "GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125",
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010204",
          "https://linux.oracle.com/cve/CVE-2019-1010204.html",
          "https://linux.oracle.com/errata/ELSA-2020-1797.html",
          "https://security.netapp.com/advisory/ntap-20190822-0001/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=23765",
          "https://support.f5.com/csp/article/K05032915?utm_source=f5support\u0026utm_medium=RSS"
        ],
        "PublishedDate": "2019-07-23T14:15:00Z",
        "LastModifiedDate": "2019-08-22T07:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3487",
        "PkgName": "libctf0",
        "InstalledVersion": "2.34-6ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3487",
        "Title": "binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()",
        "Description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20",
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1947111",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/"
        ],
        "PublishedDate": "2021-04-15T14:15:00Z",
        "LastModifiedDate": "2021-05-04T12:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-8842",
        "PkgName": "libcups2",
        "InstalledVersion": "2.3.1-9ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8842",
        "Description": "A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-120"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "V2Score": 2.6,
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8842",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT210788"
        ],
        "PublishedDate": "2020-10-27T20:15:00Z",
        "LastModifiedDate": "2021-03-15T18:27:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-10001",
        "PkgName": "libcups2",
        "InstalledVersion": "2.3.1-9ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-10001",
        "Title": "cups: access to uninitialized buffer in ipp.c",
        "Description": "An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10001",
          "https://support.apple.com/en-us/HT212011"
        ],
        "PublishedDate": "2021-04-02T18:15:00Z",
        "LastModifiedDate": "2021-04-07T15:48:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-22898",
        "PkgName": "libcurl3-gnutls",
        "InstalledVersion": "7.68.0-1ubuntu2.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22898",
        "Title": "curl: TELNET stack contents disclosure",
        "Description": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-909"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "V3Score": 3.1
          }
        },
        "References": [
          "https://curl.se/docs/CVE-2021-22898.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898",
          "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde",
          "https://hackerone.com/reports/1176461",
          "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
        ],
        "PublishedDate": "2021-06-11T16:15:00Z",
        "LastModifiedDate": "2021-06-22T16:23:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-22898",
        "PkgName": "libcurl4",
        "InstalledVersion": "7.68.0-1ubuntu2.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-22898",
        "Title": "curl: TELNET stack contents disclosure",
        "Description": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-909"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "V3Score": 3.1
          }
        },
        "References": [
          "https://curl.se/docs/CVE-2021-22898.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898",
          "https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde",
          "https://hackerone.com/reports/1176461",
          "https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E"
        ],
        "PublishedDate": "2021-06-11T16:15:00Z",
        "LastModifiedDate": "2021-06-22T16:23:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-12648",
        "PkgName": "libexempi8",
        "InstalledVersion": "2.5.1-1build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12648",
        "Title": "exempi: NULL pointer dereference in WEBP_Support.hpp:WEBP::GetLE32() allows for denial of service",
        "Description": "The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBP_Support.hpp in Exempi 2.4.5 has a NULL pointer dereference.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00070.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00075.html",
          "https://bugs.freedesktop.org/show_bug.cgi?id=106981",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12648"
        ],
        "PublishedDate": "2018-06-22T13:29:00Z",
        "LastModifiedDate": "2019-06-27T12:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-0499",
        "PkgName": "libflac8",
        "InstalledVersion": "1.3.3-1build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-0499",
        "Title": "flac: out-of-bounds read can lead to denial of service",
        "Description": "In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-156076070",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V2Score": 4.3,
            "V3Score": 4.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://android.googlesource.com/platform/external/flac/+/029048f823ced50f63a92e25073427ec3a9bd909%5E%21/#F0",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0499",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.debian.org/debian-lts-announce/2021/01/msg00001.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33W6XZAAEJYRGU3XYHRO7XSYEA7YACUB/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNZYTAU5UWBVXVJ4VHDWPR66ZVDLQZRE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPA5GAEKPXKAHGHHBI4X7AFNI4BMOVG3/",
          "https://source.android.com/security/bulletin/pixel/2020-12-01"
        ],
        "PublishedDate": "2020-12-15T16:15:00Z",
        "LastModifiedDate": "2021-02-25T22:14:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "libgcc-8-dev",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "libgcc-9-dev",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-33560",
        "PkgName": "libgcrypt20",
        "InstalledVersion": "1.8.5-5ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33560",
        "Title": "libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm",
        "Description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. (There is also an interoperability problem because the selection of the k integer value does not properly consider the differences between basic ElGamal encryption and generalized ElGamal encryption.) This, for example, affects use of ElGamal in OpenPGP.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-203"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560",
          "https://dev.gnupg.org/T5305",
          "https://dev.gnupg.org/T5328",
          "https://dev.gnupg.org/T5466",
          "https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61",
          "https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html"
        ],
        "PublishedDate": "2021-06-08T11:15:00Z",
        "LastModifiedDate": "2021-06-25T02:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "libgfortran-8-dev",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-23922",
        "PkgName": "libgif7",
        "InstalledVersion": "5.1.9-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-23922",
        "Title": "giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool",
        "Description": "An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "V2Score": 5.8,
            "V3Score": 7.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23922",
          "https://sourceforge.net/p/giflib/bugs/151/"
        ],
        "PublishedDate": "2021-04-21T18:15:00Z",
        "LastModifiedDate": "2021-05-05T19:19:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20231",
        "PkgName": "libgnutls30",
        "InstalledVersion": "3.6.13-2ubuntu1.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20231",
        "Title": "gnutls: Use after free in client key_share extension",
        "Description": "A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-416"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.5,
            "V3Score": 9.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 3.7
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1922276",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20231",
          "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
          "https://security.netapp.com/advisory/ntap-20210416-0005/",
          "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10"
        ],
        "PublishedDate": "2021-03-12T19:15:00Z",
        "LastModifiedDate": "2021-06-01T14:07:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20232",
        "PkgName": "libgnutls30",
        "InstalledVersion": "3.6.13-2ubuntu1.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20232",
        "Title": "gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c",
        "Description": "A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-416"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.5,
            "V3Score": 9.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 3.7
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1922275",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20232",
          "https://lists.apache.org/thread.html/r50661d6f0082709aad9a584431b59ec364f9974b63b07e0800230168@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r5d4001031e7790d8c6396c499522b4ed2aab782da87b1a14184793bb@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r5f88bed447742fcc5c47bf1c7be965ef450131914a6e1f85feba2779@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r6ac143ba6dd98bd4bf6bf010d46e56e254056459721ba18822d611f7@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/r9cbc69e57276413788e90a6ee16c7c034ea4258d31935b70db2bd158@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/rcd70a4c88a47a75fd2d5f3ffb7cee8c2a18c713320bd90fdcb57495f@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/rf5e1256d870193def4a82ad89ab95e63943a313b5ff0d81aa87e4532@%3Cissues.spark.apache.org%3E",
          "https://lists.apache.org/thread.html/rfd5273d72d244178441e6904a2f2b41a3268f569e8092ea0b3b2bb20@%3Cissues.spark.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OSLAE6PP33A7VYRYMYMUVB3U6B26GZER/",
          "https://security.netapp.com/advisory/ntap-20210416-0005/",
          "https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10"
        ],
        "PublishedDate": "2021-03-12T19:15:00Z",
        "LastModifiedDate": "2021-05-17T14:30:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libgssapi-krb5-2",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libgssrpc4",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-10767",
        "PkgName": "libgxps2",
        "InstalledVersion": "0.3.1-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10767",
        "Title": "libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c",
        "Description": "There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://access.redhat.com/errata/RHBA-2019:0327",
          "https://access.redhat.com/errata/RHSA-2018:3140",
          "https://access.redhat.com/errata/RHSA-2018:3505",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1575188",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10767",
          "https://linux.oracle.com/cve/CVE-2018-10767.html",
          "https://linux.oracle.com/errata/ELSA-2018-3140.html"
        ],
        "PublishedDate": "2018-05-06T23:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-17507",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17507",
        "Title": "hdf5: Out-of-bounds read in the H5T_conv_struct_opt function",
        "Description": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507",
          "https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md",
          "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
        ],
        "PublishedDate": "2017-12-11T03:29:00Z",
        "LastModifiedDate": "2017-12-19T20:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17233",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17233",
        "Title": "hdf5: SIGFPE signal in H5D__create_chunk_file_map_hyper() of H5Dchunk.c",
        "Description": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2018-11-21T18:50:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17234",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17234",
        "Title": "hdf5: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c",
        "Description": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17432",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17432",
        "Title": "hdf5: NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c",
        "Description": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17433",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17433",
        "Title": "hdf5: heap-based buffer overflow in ReadGifImageDesc() in gifread.c",
        "Description": "A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17434",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17434",
        "Title": "hdf5: SIGFPE signal in apply_filters() in h5repack_filters.c",
        "Description": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-28T21:20:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17437",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17437",
        "Title": "hdf5: memory leak in H5O_dtype_decode_helper() in H5Odtype.c",
        "Description": "Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17438",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17438",
        "Title": "hdf5: SIGFPE signal in function H5D__select_io() of H5Dselect.c",
        "Description": "A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:56:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-8397",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8397",
        "Title": "hdf5: Out-of-Bounds Read in function H5T_close_real in H5T.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul5"
        ],
        "PublishedDate": "2019-02-17T06:29:00Z",
        "LastModifiedDate": "2019-02-19T21:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9151",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9151",
        "Title": "hdf5: out of bounds read in function H5VM_memcpyvv in H5VM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:18:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9152",
        "PkgName": "libhdf5-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9152",
        "Title": "hdf5: out of bounds read in function H5MM_xstrdup in H5MM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul8"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:17:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-17507",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17507",
        "Title": "hdf5: Out-of-bounds read in the H5T_conv_struct_opt function",
        "Description": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507",
          "https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md",
          "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
        ],
        "PublishedDate": "2017-12-11T03:29:00Z",
        "LastModifiedDate": "2017-12-19T20:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17233",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17233",
        "Title": "hdf5: SIGFPE signal in H5D__create_chunk_file_map_hyper() of H5Dchunk.c",
        "Description": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2018-11-21T18:50:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17234",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17234",
        "Title": "hdf5: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c",
        "Description": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17432",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17432",
        "Title": "hdf5: NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c",
        "Description": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17433",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17433",
        "Title": "hdf5: heap-based buffer overflow in ReadGifImageDesc() in gifread.c",
        "Description": "A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17434",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17434",
        "Title": "hdf5: SIGFPE signal in apply_filters() in h5repack_filters.c",
        "Description": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-28T21:20:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17437",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17437",
        "Title": "hdf5: memory leak in H5O_dtype_decode_helper() in H5Odtype.c",
        "Description": "Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17438",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17438",
        "Title": "hdf5: SIGFPE signal in function H5D__select_io() of H5Dselect.c",
        "Description": "A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:56:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-8397",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8397",
        "Title": "hdf5: Out-of-Bounds Read in function H5T_close_real in H5T.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul5"
        ],
        "PublishedDate": "2019-02-17T06:29:00Z",
        "LastModifiedDate": "2019-02-19T21:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9151",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9151",
        "Title": "hdf5: out of bounds read in function H5VM_memcpyvv in H5VM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:18:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9152",
        "PkgName": "libhdf5-cpp-103",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9152",
        "Title": "hdf5: out of bounds read in function H5MM_xstrdup in H5MM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul8"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:17:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-17507",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-17507",
        "Title": "hdf5: Out-of-bounds read in the H5T_conv_struct_opt function",
        "Description": "In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17507",
          "https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md",
          "https://github.com/xiaoqx/pocs/tree/master/hdf5/readme.md"
        ],
        "PublishedDate": "2017-12-11T03:29:00Z",
        "LastModifiedDate": "2017-12-19T20:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17233",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17233",
        "Title": "hdf5: SIGFPE signal in H5D__create_chunk_file_map_hyper() of H5Dchunk.c",
        "Description": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17233",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2018-11-21T18:50:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17234",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17234",
        "Title": "hdf5: Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c",
        "Description": "Memory leak in the H5O__chunk_deserialize() function in H5Ocache.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17234",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln3#memory-leak---h5o__chunk_deserialize_memory_leak"
        ],
        "PublishedDate": "2018-09-20T06:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17432",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17432",
        "Title": "hdf5: NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c",
        "Description": "A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17432",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln6#null-pointer-dereference-in-h5o_sdspace_encode"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17433",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17433",
        "Title": "hdf5: heap-based buffer overflow in ReadGifImageDesc() in gifread.c",
        "Description": "A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17433",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln8#heap-overflow-in-readgifimagedesc"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17434",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17434",
        "Title": "hdf5: SIGFPE signal in apply_filters() in h5repack_filters.c",
        "Description": "A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17434",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_apply_filters_h5repack_filters"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-28T21:20:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17437",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17437",
        "Title": "hdf5: memory leak in H5O_dtype_decode_helper() in H5Odtype.c",
        "Description": "Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-772"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17437",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln5#memory-leak-in-h5o_dtype_decode_helper"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17438",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17438",
        "Title": "hdf5: SIGFPE signal in function H5D__select_io() of H5Dselect.c",
        "Description": "A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-369"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 4.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17438",
          "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln4#divided-by-zero---poc_h5d__select_io_h5dselect"
        ],
        "PublishedDate": "2018-09-24T14:29:00Z",
        "LastModifiedDate": "2018-11-09T20:56:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-8397",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-8397",
        "Title": "hdf5: Out-of-Bounds Read in function H5T_close_real in H5T.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8397",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul5"
        ],
        "PublishedDate": "2019-02-17T06:29:00Z",
        "LastModifiedDate": "2019-02-19T21:04:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9151",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9151",
        "Title": "hdf5: out of bounds read in function H5VM_memcpyvv in H5VM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9151",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul7"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:18:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9152",
        "PkgName": "libhdf5-dev",
        "InstalledVersion": "1.10.4+repack-11ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9152",
        "Title": "hdf5: out of bounds read in function H5MM_xstrdup in H5MM.c",
        "Description": "An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9152",
          "https://github.com/magicSwordsMan/PAAFS/tree/master/vul8"
        ],
        "PublishedDate": "2019-02-25T19:29:00Z",
        "LastModifiedDate": "2019-02-26T14:17:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-9937",
        "PkgName": "libjbig-dev",
        "InstalledVersion": "2.1-3.1build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9937",
        "Title": "libtiff: memory malloc failure in tif_jbig.c could cause DOS.",
        "Description": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-119"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
          "http://www.securityfocus.com/bid/99304",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9937",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-06-26T12:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-9937",
        "PkgName": "libjbig0",
        "InstalledVersion": "2.1-3.1build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-9937",
        "Title": "libtiff: memory malloc failure in tif_jbig.c could cause DOS.",
        "Description": "In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-119"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://bugzilla.maptools.org/show_bug.cgi?id=2707",
          "http://www.securityfocus.com/bid/99304",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9937",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-06-26T12:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17541",
        "PkgName": "libjpeg-turbo8",
        "InstalledVersion": "2.0.3-0ubuntu1.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17541",
        "Title": "libjpeg-turbo: Stack-based buffer overflow in the \"transform\" component",
        "Description": "Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 8.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541",
          "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392"
        ],
        "PublishedDate": "2021-06-01T15:15:00Z",
        "LastModifiedDate": "2021-06-14T15:21:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17541",
        "PkgName": "libjpeg-turbo8-dev",
        "InstalledVersion": "2.0.3-0ubuntu1.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17541",
        "Title": "libjpeg-turbo: Stack-based buffer overflow in the \"transform\" component",
        "Description": "Libjpeg-turbo all version have a stack-based buffer overflow in the \"transform\" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 8.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541",
          "https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392"
        ],
        "PublishedDate": "2021-06-01T15:15:00Z",
        "LastModifiedDate": "2021-06-14T15:21:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libk5crypto3",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libkadm5clnt-mit11",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libkadm5srv-mit11",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libkdb5-9",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libkrb5-3",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libkrb5-dev",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-5709",
        "PkgName": "libkrb5support0",
        "InstalledVersion": "1.17-6ubuntu4.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-5709",
        "Title": "krb5: integer overflow in dbentry-\u003en_key_data in kadmin/dbutil/dump.c",
        "Description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "V3Score": 6.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709",
          "https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-01-16T09:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36278",
        "PkgName": "liblept5",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36278",
        "Title": "leptonica: heap-based buffer overflow in findNextBorderPixel in ccbord.c",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36278",
          "https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T00:15:00Z",
        "LastModifiedDate": "2021-04-22T12:57:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36279",
        "PkgName": "liblept5",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36279",
        "Title": "leptonica: heap-based buffer overflow in rasteropGeneralLow",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279",
          "https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T00:15:00Z",
        "LastModifiedDate": "2021-04-22T12:57:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36280",
        "PkgName": "liblept5",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36280",
        "Title": "leptonica: heap-based buffer overflow in pixReadFromTiffStream",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36280",
          "https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T00:15:00Z",
        "LastModifiedDate": "2021-04-22T12:58:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36281",
        "PkgName": "liblept5",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36281",
        "Title": "leptonica: heap-based buffer overflow in pixFewColorsOctcubeQuantMixed in colorquant1.c",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36281",
          "https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T01:15:00Z",
        "LastModifiedDate": "2021-04-22T12:58:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36278",
        "PkgName": "libleptonica-dev",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36278",
        "Title": "leptonica: heap-based buffer overflow in findNextBorderPixel in ccbord.c",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36278",
          "https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T00:15:00Z",
        "LastModifiedDate": "2021-04-22T12:57:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36279",
        "PkgName": "libleptonica-dev",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36279",
        "Title": "leptonica: heap-based buffer overflow in rasteropGeneralLow",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36279",
          "https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T00:15:00Z",
        "LastModifiedDate": "2021-04-22T12:57:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36280",
        "PkgName": "libleptonica-dev",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36280",
        "Title": "leptonica: heap-based buffer overflow in pixReadFromTiffStream",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36280",
          "https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T00:15:00Z",
        "LastModifiedDate": "2021-04-22T12:58:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36281",
        "PkgName": "libleptonica-dev",
        "InstalledVersion": "1.79.0-1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36281",
        "Title": "leptonica: heap-based buffer overflow in pixFewColorsOctcubeQuantMixed in colorquant1.c",
        "Description": "Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36281",
          "https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5",
          "https://github.com/DanBloomberg/leptonica/compare/1.79.0...1.80.0",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00037.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQUEA2X6UTH4DMYCMZAWE2QQLN5YANUA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RD5AIWHWE334HGYZJR2U3I3JYKSSO2LW/"
        ],
        "PublishedDate": "2021-03-12T01:15:00Z",
        "LastModifiedDate": "2021-04-22T12:58:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "libmpx2",
        "InstalledVersion": "8.4.0-3ubuntu2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-25648",
        "PkgName": "libnss3",
        "InstalledVersion": "2:3.49.1-1ubuntu1.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-25648",
        "Title": "nss: TLS 1.3 CCS flood remote DoS Attack",
        "Description": "A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1887319",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648",
          "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes",
          "https://linux.oracle.com/cve/CVE-2020-25648.html",
          "https://linux.oracle.com/errata/ELSA-2021-1384.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRM53IQCPZT2US3M7JXTP6I6IBA5RGOD/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPOLN6DJUYQ3QBQEGLZGV73SNIPK7GHV/"
        ],
        "PublishedDate": "2020-10-20T22:15:00Z",
        "LastModifiedDate": "2021-03-15T18:26:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20296",
        "PkgName": "libopenexr-dev",
        "InstalledVersion": "2.3.0-6ubuntu0.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20296",
        "Title": "OpenEXR: Segv on unknown address in Imf_2_5::hufUncompress - Null Pointer dereference",
        "Description": "A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1939141",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20296",
          "https://ubuntu.com/security/notices/USN-4996-1",
          "https://ubuntu.com/security/notices/USN-4996-2"
        ],
        "PublishedDate": "2021-04-01T14:15:00Z",
        "LastModifiedDate": "2021-05-26T15:11:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3598",
        "PkgName": "libopenexr-dev",
        "InstalledVersion": "2.3.0-6ubuntu0.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3598",
        "Title": "OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars",
        "Description": "There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
        "Severity": "LOW",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 4
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598",
          "https://github.com/AcademySoftwareFoundation/openexr/pull/1037",
          "https://ubuntu.com/security/notices/USN-4996-1",
          "https://ubuntu.com/security/notices/USN-4996-2"
        ]
      },
      {
        "VulnerabilityID": "CVE-2021-20296",
        "PkgName": "libopenexr24",
        "InstalledVersion": "2.3.0-6ubuntu0.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20296",
        "Title": "OpenEXR: Segv on unknown address in Imf_2_5::hufUncompress - Null Pointer dereference",
        "Description": "A flaw was found in OpenEXR in versions before 3.0.0-beta. A crafted input file supplied by an attacker, that is processed by the Dwa decompression functionality of OpenEXR's IlmImf library, could cause a NULL pointer dereference. The highest threat from this vulnerability is to system availability.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24854",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1939141",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20296",
          "https://ubuntu.com/security/notices/USN-4996-1",
          "https://ubuntu.com/security/notices/USN-4996-2"
        ],
        "PublishedDate": "2021-04-01T14:15:00Z",
        "LastModifiedDate": "2021-05-26T15:11:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3598",
        "PkgName": "libopenexr24",
        "InstalledVersion": "2.3.0-6ubuntu0.5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3598",
        "Title": "OpenEXR: Heap buffer overflow in Imf_3_1::CharPtrIO::readChars",
        "Description": "There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality. An attacker who is able to submit a crafted file to an application linked with OpenEXR could cause an out-of-bounds read. The greatest risk from this flaw is to application availability.",
        "Severity": "LOW",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 4
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3598",
          "https://github.com/AcademySoftwareFoundation/openexr/pull/1037",
          "https://ubuntu.com/security/notices/USN-4996-1",
          "https://ubuntu.com/security/notices/USN-4996-2"
        ]
      },
      {
        "VulnerabilityID": "CVE-2019-6988",
        "PkgName": "libopenjp2-7",
        "InstalledVersion": "2.3.1-1ubuntu4.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-6988",
        "Title": "openjpeg: DoS via memory exhaustion in opj_decompress",
        "Description": "An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-770"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.5
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106785",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6988",
          "https://github.com/uclouvain/openjpeg/issues/1178"
        ],
        "PublishedDate": "2019-01-28T16:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-29338",
        "PkgName": "libopenjp2-7",
        "InstalledVersion": "2.3.1-1ubuntu4.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-29338",
        "Title": "openjpeg2: out-of-bounds write due to an integer overflow in opj_compress.c",
        "Description": "Integer Overflow in OpenJPEG v2.4.0 allows remote attackers to crash the application, causing a Denial of Service (DoS). This occurs when the attacker uses the command line option \"-ImgDir\" on a directory that contains 1048576 files.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "V3Score": 6.2
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29338",
          "https://github.com/uclouvain/openjpeg/issues/1338",
          "https://github.com/uclouvain/openjpeg/pull/1346",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ54FGM2IGAP4AWSJ22JKHOPHCR3FGYU/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB6AI7CWXWMEDZIQY4LQ6DMIEXMDOHUP/"
        ],
        "PublishedDate": "2021-04-14T14:15:00Z",
        "LastModifiedDate": "2021-06-12T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "libpam-systemd",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-11164",
        "PkgName": "libpcre16-3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
        "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
        "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-674"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.8,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/07/11/3",
          "http://www.securityfocus.com/bid/99575",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-07-11T03:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20838",
        "PkgName": "libpcre16-3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20838",
        "Title": "pcre: buffer over-read in JIT when UTF is disabled",
        "Description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-15T18:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14155",
        "PkgName": "libpcre16-3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155",
        "Title": "pcre: integer overflow in libpcre",
        "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:43:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-11164",
        "PkgName": "libpcre3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
        "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
        "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-674"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.8,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/07/11/3",
          "http://www.securityfocus.com/bid/99575",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-07-11T03:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20838",
        "PkgName": "libpcre3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20838",
        "Title": "pcre: buffer over-read in JIT when UTF is disabled",
        "Description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-15T18:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14155",
        "PkgName": "libpcre3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155",
        "Title": "pcre: integer overflow in libpcre",
        "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:43:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-11164",
        "PkgName": "libpcre3-dev",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
        "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
        "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-674"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.8,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/07/11/3",
          "http://www.securityfocus.com/bid/99575",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-07-11T03:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20838",
        "PkgName": "libpcre3-dev",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20838",
        "Title": "pcre: buffer over-read in JIT when UTF is disabled",
        "Description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-15T18:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14155",
        "PkgName": "libpcre3-dev",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155",
        "Title": "pcre: integer overflow in libpcre",
        "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:43:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-11164",
        "PkgName": "libpcre32-3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
        "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
        "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-674"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.8,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/07/11/3",
          "http://www.securityfocus.com/bid/99575",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-07-11T03:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20838",
        "PkgName": "libpcre32-3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20838",
        "Title": "pcre: buffer over-read in JIT when UTF is disabled",
        "Description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-15T18:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14155",
        "PkgName": "libpcre32-3",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155",
        "Title": "pcre: integer overflow in libpcre",
        "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:43:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-11164",
        "PkgName": "libpcrecpp0v5",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-11164",
        "Title": "pcre: OP_KETRMAX feature in the match function in pcre_exec.c",
        "Description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-674"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.8,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/07/11/3",
          "http://www.securityfocus.com/bid/99575",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2017-07-11T03:29:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-20838",
        "PkgName": "libpcrecpp0v5",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-20838",
        "Title": "pcre: buffer over-read in JIT when UTF is disabled",
        "Description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-15T18:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14155",
        "PkgName": "libpcrecpp0v5",
        "InstalledVersion": "2:8.39-12build1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14155",
        "Title": "pcre: integer overflow in libpcre",
        "Description": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2021/Feb/14",
          "https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/",
          "https://bugs.gentoo.org/717920",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/kb/HT211931",
          "https://support.apple.com/kb/HT212147",
          "https://www.pcre.org/original/changelog.txt"
        ],
        "PublishedDate": "2020-06-15T17:15:00Z",
        "LastModifiedDate": "2021-03-04T21:43:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-2568",
        "PkgName": "libpolkit-agent-1-0",
        "InstalledVersion": "0.105-26ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2568",
        "Title": "polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl",
        "Description": "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-116"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "V2Score": 4.4,
            "V3Score": 7.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "V2Score": 5.1,
            "V3Score": 6.1
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2016/q1/443",
          "http://www.openwall.com/lists/oss-security/2016/02/26/3",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1300746",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2568",
          "https://lore.kernel.org/patchwork/patch/793178/"
        ],
        "PublishedDate": "2017-02-13T18:59:00Z",
        "LastModifiedDate": "2017-03-09T18:30:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-2568",
        "PkgName": "libpolkit-gobject-1-0",
        "InstalledVersion": "0.105-26ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2568",
        "Title": "polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl",
        "Description": "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-116"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "V2Score": 4.4,
            "V3Score": 7.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "V2Score": 5.1,
            "V3Score": 6.1
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2016/q1/443",
          "http://www.openwall.com/lists/oss-security/2016/02/26/3",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1300746",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2568",
          "https://lore.kernel.org/patchwork/patch/793178/"
        ],
        "PublishedDate": "2017-02-13T18:59:00Z",
        "LastModifiedDate": "2017-03-09T18:30:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9543",
        "PkgName": "libpoppler-glib8",
        "InstalledVersion": "0.86.1-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9543",
        "Title": "poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial of service",
        "Description": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/107238",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9543",
          "https://gitlab.freedesktop.org/poppler/poppler/issues/730",
          "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
        ],
        "PublishedDate": "2019-03-01T19:29:00Z",
        "LastModifiedDate": "2019-03-07T20:48:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9545",
        "PkgName": "libpoppler-glib8",
        "InstalledVersion": "0.86.1-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9545",
        "Title": "poppler: recursive function call in JBIG2Stream::readTextRegion() in JBIG2Stream.cc causing denial of service",
        "Description": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9545",
          "https://gitlab.freedesktop.org/poppler/poppler/issues/731",
          "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
        ],
        "PublishedDate": "2019-03-01T19:29:00Z",
        "LastModifiedDate": "2019-03-04T15:10:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9543",
        "PkgName": "libpoppler97",
        "InstalledVersion": "0.86.1-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9543",
        "Title": "poppler: recursive function call in JBIG2Stream::readGenericBitmap() in JBIG2Stream.cc causing denial of service",
        "Description": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/107238",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9543",
          "https://gitlab.freedesktop.org/poppler/poppler/issues/730",
          "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/"
        ],
        "PublishedDate": "2019-03-01T19:29:00Z",
        "LastModifiedDate": "2019-03-07T20:48:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-9545",
        "PkgName": "libpoppler97",
        "InstalledVersion": "0.86.1-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-9545",
        "Title": "poppler: recursive function call in JBIG2Stream::readTextRegion() in JBIG2Stream.cc causing denial of service",
        "Description": "An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9545",
          "https://gitlab.freedesktop.org/poppler/poppler/issues/731",
          "https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/"
        ],
        "PublishedDate": "2019-03-01T19:29:00Z",
        "LastModifiedDate": "2019-03-04T15:10:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-5237",
        "PkgName": "libprotobuf-dev",
        "InstalledVersion": "3.6.1.3-2ubuntu5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5237",
        "Title": "protobuf: integer overflow in serialization",
        "Description": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.5,
            "V3Score": 8.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "V2Score": 2.6
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2015/08/27/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237",
          "https://github.com/google/protobuf/issues/760",
          "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
        ],
        "PublishedDate": "2017-09-25T17:29:00Z",
        "LastModifiedDate": "2021-06-24T15:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-5237",
        "PkgName": "libprotobuf-lite17",
        "InstalledVersion": "3.6.1.3-2ubuntu5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5237",
        "Title": "protobuf: integer overflow in serialization",
        "Description": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.5,
            "V3Score": 8.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "V2Score": 2.6
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2015/08/27/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237",
          "https://github.com/google/protobuf/issues/760",
          "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
        ],
        "PublishedDate": "2017-09-25T17:29:00Z",
        "LastModifiedDate": "2021-06-24T15:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-5237",
        "PkgName": "libprotobuf17",
        "InstalledVersion": "3.6.1.3-2ubuntu5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5237",
        "Title": "protobuf: integer overflow in serialization",
        "Description": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.5,
            "V3Score": 8.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "V2Score": 2.6
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2015/08/27/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237",
          "https://github.com/google/protobuf/issues/760",
          "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
        ],
        "PublishedDate": "2017-09-25T17:29:00Z",
        "LastModifiedDate": "2021-06-24T15:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-5237",
        "PkgName": "libprotoc-dev",
        "InstalledVersion": "3.6.1.3-2ubuntu5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5237",
        "Title": "protobuf: integer overflow in serialization",
        "Description": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.5,
            "V3Score": 8.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "V2Score": 2.6
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2015/08/27/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237",
          "https://github.com/google/protobuf/issues/760",
          "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
        ],
        "PublishedDate": "2017-09-25T17:29:00Z",
        "LastModifiedDate": "2021-06-24T15:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-5237",
        "PkgName": "libprotoc17",
        "InstalledVersion": "3.6.1.3-2ubuntu5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5237",
        "Title": "protobuf: integer overflow in serialization",
        "Description": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.5,
            "V3Score": 8.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "V2Score": 2.6
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2015/08/27/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237",
          "https://github.com/google/protobuf/issues/760",
          "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
        ],
        "PublishedDate": "2017-09-25T17:29:00Z",
        "LastModifiedDate": "2021-06-24T15:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-23336",
        "PkgName": "libpython3.8",
        "InstalledVersion": "3.8.5-1~20.04.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23336",
        "Title": "python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters",
        "Description": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-444"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V2Score": 4,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/02/19/4",
          "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336",
          "https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)",
          "https://github.com/python/cpython/pull/24297",
          "https://linux.oracle.com/cve/CVE-2021-23336.html",
          "https://linux.oracle.com/errata/ELSA-2021-1633.html",
          "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/",
          "https://security.gentoo.org/glsa/202104-04",
          "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "https://ubuntu.com/security/notices/USN-4742-1",
          "https://www.djangoproject.com/weblog/2021/feb/19/security-releases/",
          "https://www.oracle.com/security-alerts/cpuApr2021.html"
        ],
        "PublishedDate": "2021-02-15T13:15:00Z",
        "LastModifiedDate": "2021-06-17T17:13:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-23336",
        "PkgName": "libpython3.8-minimal",
        "InstalledVersion": "3.8.5-1~20.04.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23336",
        "Title": "python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters",
        "Description": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-444"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V2Score": 4,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/02/19/4",
          "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336",
          "https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)",
          "https://github.com/python/cpython/pull/24297",
          "https://linux.oracle.com/cve/CVE-2021-23336.html",
          "https://linux.oracle.com/errata/ELSA-2021-1633.html",
          "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/",
          "https://security.gentoo.org/glsa/202104-04",
          "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "https://ubuntu.com/security/notices/USN-4742-1",
          "https://www.djangoproject.com/weblog/2021/feb/19/security-releases/",
          "https://www.oracle.com/security-alerts/cpuApr2021.html"
        ],
        "PublishedDate": "2021-02-15T13:15:00Z",
        "LastModifiedDate": "2021-06-17T17:13:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-23336",
        "PkgName": "libpython3.8-stdlib",
        "InstalledVersion": "3.8.5-1~20.04.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23336",
        "Title": "python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters",
        "Description": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-444"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V2Score": 4,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/02/19/4",
          "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336",
          "https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)",
          "https://github.com/python/cpython/pull/24297",
          "https://linux.oracle.com/cve/CVE-2021-23336.html",
          "https://linux.oracle.com/errata/ELSA-2021-1633.html",
          "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/",
          "https://security.gentoo.org/glsa/202104-04",
          "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "https://ubuntu.com/security/notices/USN-4742-1",
          "https://www.djangoproject.com/weblog/2021/feb/19/security-releases/",
          "https://www.oracle.com/security-alerts/cpuApr2021.html"
        ],
        "PublishedDate": "2021-02-15T13:15:00Z",
        "LastModifiedDate": "2021-06-17T17:13:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5concurrent5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5concurrent5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5core5a",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5core5a",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5dbus5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5dbus5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5gui5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5gui5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5network5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5network5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5printsupport5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5printsupport5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5widgets5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5widgets5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13962",
        "PkgName": "libqt5xml5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13962",
        "Title": "qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications",
        "Description": "Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.)",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00004.html",
          "https://bugreports.qt.io/browse/QTBUG-83450",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13962",
          "https://github.com/mumble-voip/mumble/issues/3679",
          "https://github.com/mumble-voip/mumble/pull/4032",
          "https://linux.oracle.com/cve/CVE-2020-13962.html",
          "https://linux.oracle.com/errata/ELSA-2020-4690.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X6EDPIIAQPVP2CHL2CHDHJ25EECA7UE/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJDBZUYMMF4R5QQKD2HTIKQU2NSKO63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3IZY7LKJ6NAXQDFYFR4S7L5BBHYK53K/",
          "https://security.gentoo.org/glsa/202007-18"
        ],
        "PublishedDate": "2020-06-09T00:15:00Z",
        "LastModifiedDate": "2020-10-05T19:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17507",
        "PkgName": "libqt5xml5",
        "InstalledVersion": "5.12.8+dfsg-0ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17507",
        "Title": "qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp",
        "Description": "An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00104.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00105.html",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308436",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308495",
          "https://codereview.qt-project.org/c/qt/qtbase/+/308496",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507",
          "https://linux.oracle.com/cve/CVE-2020-17507.html",
          "https://linux.oracle.com/errata/ELSA-2021-1756.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html",
          "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/426FCC6JNK4JUEX5QHJQDYQ6MUVQ3E6P/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBPZVZNEYXGATTXM4WOE7OQ55VAKPVD6/",
          "https://security.gentoo.org/glsa/202009-04"
        ],
        "PublishedDate": "2020-08-12T18:15:00Z",
        "LastModifiedDate": "2020-09-30T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9794",
        "PkgName": "libsqlite3-0",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9794",
        "Description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "V2Score": 5.8,
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/HT211168",
          "https://support.apple.com/HT211170",
          "https://support.apple.com/HT211171",
          "https://support.apple.com/HT211175",
          "https://support.apple.com/HT211178",
          "https://support.apple.com/HT211179",
          "https://support.apple.com/HT211181",
          "https://vuldb.com/?id.155768"
        ],
        "PublishedDate": "2020-06-09T17:15:00Z",
        "LastModifiedDate": "2021-03-09T16:00:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9849",
        "PkgName": "libsqlite3-0",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9849",
        "Description": "An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 6.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT211843",
          "https://support.apple.com/en-us/HT211844",
          "https://support.apple.com/en-us/HT211850",
          "https://support.apple.com/en-us/HT211931",
          "https://support.apple.com/en-us/HT211935",
          "https://support.apple.com/en-us/HT211952",
          "https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/"
        ],
        "PublishedDate": "2020-12-08T20:15:00Z",
        "LastModifiedDate": "2021-03-09T16:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9991",
        "PkgName": "libsqlite3-0",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9991",
        "Description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.",
        "Severity": "LOW",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT211843",
          "https://support.apple.com/en-us/HT211844",
          "https://support.apple.com/en-us/HT211847",
          "https://support.apple.com/en-us/HT211850",
          "https://support.apple.com/en-us/HT211931",
          "https://support.apple.com/kb/HT211846",
          "https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/"
        ],
        "PublishedDate": "2020-12-08T22:15:00Z",
        "LastModifiedDate": "2021-03-09T16:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9794",
        "PkgName": "libsqlite3-dev",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9794",
        "Description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "V2Score": 5.8,
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/HT211168",
          "https://support.apple.com/HT211170",
          "https://support.apple.com/HT211171",
          "https://support.apple.com/HT211175",
          "https://support.apple.com/HT211178",
          "https://support.apple.com/HT211179",
          "https://support.apple.com/HT211181",
          "https://vuldb.com/?id.155768"
        ],
        "PublishedDate": "2020-06-09T17:15:00Z",
        "LastModifiedDate": "2021-03-09T16:00:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9849",
        "PkgName": "libsqlite3-dev",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9849",
        "Description": "An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 6.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT211843",
          "https://support.apple.com/en-us/HT211844",
          "https://support.apple.com/en-us/HT211850",
          "https://support.apple.com/en-us/HT211931",
          "https://support.apple.com/en-us/HT211935",
          "https://support.apple.com/en-us/HT211952",
          "https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/"
        ],
        "PublishedDate": "2020-12-08T20:15:00Z",
        "LastModifiedDate": "2021-03-09T16:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9991",
        "PkgName": "libsqlite3-dev",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9991",
        "Description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.",
        "Severity": "LOW",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT211843",
          "https://support.apple.com/en-us/HT211844",
          "https://support.apple.com/en-us/HT211847",
          "https://support.apple.com/en-us/HT211850",
          "https://support.apple.com/en-us/HT211931",
          "https://support.apple.com/kb/HT211846",
          "https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/"
        ],
        "PublishedDate": "2020-12-08T22:15:00Z",
        "LastModifiedDate": "2021-03-09T16:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13844",
        "PkgName": "libstdc++-9-dev",
        "InstalledVersion": "9.3.0-17ubuntu1~20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13844",
        "Title": "kernel: ARM straight-line speculation vulnerability",
        "Description": "Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka \"straight-line speculation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00039.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00040.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation",
          "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions",
          "https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=679db70801da9fda91d26caf13bf5b5ccc74e8e8"
        ],
        "PublishedDate": "2020-06-08T23:15:00Z",
        "LastModifiedDate": "2020-10-18T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-11803",
        "PkgName": "libsvn1",
        "InstalledVersion": "1.13.0-3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11803",
        "Title": "subversion: malicious SVN clients can crash mod_dav_svn",
        "Description": "Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-824"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106770",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803",
          "https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003@%3Cdev.subversion.apache.org%3E",
          "https://security.gentoo.org/glsa/201904-08",
          "https://subversion.apache.org/security/CVE-2018-11803-advisory.txt",
          "https://ubuntu.com/security/notices/USN-3869-1",
          "https://usn.ubuntu.com/3869-1/"
        ],
        "PublishedDate": "2019-02-05T17:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17525",
        "PkgName": "libsvn1",
        "InstalledVersion": "1.13.0-3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17525",
        "Title": "subversion: Remote unauthenticated denial of service in mod_authz_svn",
        "Description": "Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525",
          "https://linux.oracle.com/cve/CVE-2020-17525.html",
          "https://linux.oracle.com/errata/ELSA-2021-0507.html",
          "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html",
          "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
        ],
        "PublishedDate": "2021-03-17T10:15:00Z",
        "LastModifiedDate": "2021-05-04T09:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "libsystemd0",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-1000654",
        "PkgName": "libtasn1-6",
        "InstalledVersion": "4.16.0-2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1000654",
        "Title": "libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion",
        "Description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Parser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.",
        "Severity": "LOW",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 4
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html",
          "http://www.securityfocus.com/bid/105151",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654",
          "https://gitlab.com/gnutls/libtasn1/issues/4",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-08-20T19:31:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-10126",
        "PkgName": "libtiff-dev",
        "InstalledVersion": "4.1.0+git191117-2ubuntu0.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10126",
        "Title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c",
        "Description": "LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://bugzilla.maptools.org/show_bug.cgi?id=2786",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10126",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-04-21T21:29:00Z",
        "LastModifiedDate": "2021-03-15T22:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-10126",
        "PkgName": "libtiff5",
        "InstalledVersion": "4.1.0+git191117-2ubuntu0.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10126",
        "Title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c",
        "Description": "LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://bugzilla.maptools.org/show_bug.cgi?id=2786",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10126",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-04-21T21:29:00Z",
        "LastModifiedDate": "2021-03-15T22:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-10126",
        "PkgName": "libtiffxx5",
        "InstalledVersion": "4.1.0+git191117-2ubuntu0.20.04.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-10126",
        "Title": "libtiff: NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c",
        "Description": "LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://bugzilla.maptools.org/show_bug.cgi?id=2786",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10126",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"
        ],
        "PublishedDate": "2018-04-21T21:29:00Z",
        "LastModifiedDate": "2021-03-15T22:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "libudev1",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-9180",
        "PkgName": "libxml-twig-perl",
        "InstalledVersion": "1:3.50-2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-9180",
        "Title": "perl-XML-Twig:  expand_external_ents option fails to work as documented",
        "Description": "perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-611"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "V2Score": 6.4,
            "V3Score": 9.1
          },
          "redhat": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "V2Score": 5.8,
            "V3Score": 7.1
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00020.html",
          "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00033.html",
          "http://www.openwall.com/lists/oss-security/2016/11/02/1",
          "http://www.openwall.com/lists/oss-security/2016/11/04/2",
          "http://www.securityfocus.com/bid/94219",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9180"
        ],
        "PublishedDate": "2016-12-22T21:59:00Z",
        "LastModifiedDate": "2020-08-14T21:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-9019",
        "PkgName": "libxslt1.1",
        "InstalledVersion": "1.1.34-4",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-9019",
        "Title": "libxslt: math.random() in xslt uses unseeded randomness",
        "Description": "In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-330"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "V2Score": 5,
            "V3Score": 5.3
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "V3Score": 4
          }
        },
        "References": [
          "https://bugzilla.gnome.org/show_bug.cgi?id=758400",
          "https://bugzilla.suse.com/show_bug.cgi?id=934119",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9019"
        ],
        "PublishedDate": "2017-04-05T21:59:00Z",
        "LastModifiedDate": "2017-04-11T19:57:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-15166",
        "PkgName": "libzmq3-dev",
        "InstalledVersion": "4.3.2-2ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15166",
        "Title": "zeromq: unauthenticated clients causing denial-of-service",
        "Description": "In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166",
          "https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09",
          "https://github.com/zeromq/libzmq/pull/3913",
          "https://github.com/zeromq/libzmq/pull/3973",
          "https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m",
          "https://lists.debian.org/debian-lts-announce/2020/11/msg00017.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ5IMNQXDB52JFBXHFLK4AHVORFELNNG/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFW2ZELCCPS4VLU4OSJOH5YL6KFKTFYW/",
          "https://security.gentoo.org/glsa/202009-12",
          "https://www.openwall.com/lists/oss-security/2020/09/07/3"
        ],
        "PublishedDate": "2020-09-11T16:15:00Z",
        "LastModifiedDate": "2020-11-10T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20235",
        "PkgName": "libzmq3-dev",
        "InstalledVersion": "4.3.2-2ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20235",
        "Title": "zeromq: Heap overflow when receiving malformed ZMTP v1 packets",
        "Description": "There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-120",
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1921983",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20235",
          "https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6"
        ],
        "PublishedDate": "2021-04-01T14:15:00Z",
        "LastModifiedDate": "2021-04-06T17:34:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20236",
        "PkgName": "libzmq3-dev",
        "InstalledVersion": "4.3.2-2ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20236",
        "Title": "zeromq: Stack overflow on server running PUB/XPUB socket",
        "Description": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-787",
          "CWE-120"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.5,
            "V3Score": 9.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1921976",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20236",
          "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
        ],
        "PublishedDate": "2021-05-28T11:15:00Z",
        "LastModifiedDate": "2021-06-02T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-15166",
        "PkgName": "libzmq5",
        "InstalledVersion": "4.3.2-2ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-15166",
        "Title": "zeromq: unauthenticated clients causing denial-of-service",
        "Description": "In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerability. Users with TCP transport public endpoints, even with CURVE/ZAP enabled, are impacted. If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them. This is patched in version 4.3.3.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15166",
          "https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09",
          "https://github.com/zeromq/libzmq/pull/3913",
          "https://github.com/zeromq/libzmq/pull/3973",
          "https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m",
          "https://lists.debian.org/debian-lts-announce/2020/11/msg00017.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZ5IMNQXDB52JFBXHFLK4AHVORFELNNG/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFW2ZELCCPS4VLU4OSJOH5YL6KFKTFYW/",
          "https://security.gentoo.org/glsa/202009-12",
          "https://www.openwall.com/lists/oss-security/2020/09/07/3"
        ],
        "PublishedDate": "2020-09-11T16:15:00Z",
        "LastModifiedDate": "2020-11-10T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20235",
        "PkgName": "libzmq5",
        "InstalledVersion": "4.3.2-2ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20235",
        "Title": "zeromq: Heap overflow when receiving malformed ZMTP v1 packets",
        "Description": "There's a flaw in the zeromq server in versions before 4.3.3 in src/decoder_allocators.hpp. The decoder static allocator could have its size changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server could trigger a buffer overflow WRITE of arbitrary data if CURVE/ZAP authentication is not enabled. The greatest impact of this flaw is to application availability, data integrity, and confidentiality.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-120",
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1921983",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20235",
          "https://github.com/zeromq/libzmq/security/advisories/GHSA-fc3w-qxf5-7hp6"
        ],
        "PublishedDate": "2021-04-01T14:15:00Z",
        "LastModifiedDate": "2021-04-06T17:34:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-20236",
        "PkgName": "libzmq5",
        "InstalledVersion": "4.3.2-2ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-20236",
        "Title": "zeromq: Stack overflow on server running PUB/XPUB socket",
        "Description": "A flaw was found in the ZeroMQ server in versions before 4.3.3. This flaw allows a malicious client to cause a stack buffer overflow on the server by sending crafted topic subscription requests and then unsubscribing. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-787",
          "CWE-120"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.5,
            "V3Score": 9.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1921976",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20236",
          "https://github.com/zeromq/libzmq/security/advisories/GHSA-qq65-x72m-9wr8"
        ],
        "PublishedDate": "2021-05-28T11:15:00Z",
        "LastModifiedDate": "2021-06-02T15:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2013-7445",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-7445",
        "Title": "kernel: memory exhaustion via crafted Graphics Execution Manager (GEM) objects",
        "Description": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-399"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "V2Score": 7.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V2Score": 4.3
          }
        },
        "References": [
          "https://bugzilla.kernel.org/show_bug.cgi?id=60533",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7445",
          "https://lists.freedesktop.org/archives/dri-devel/2015-September/089778.html (potential start towards fixing)"
        ],
        "PublishedDate": "2015-10-16T01:59:00Z",
        "LastModifiedDate": "2015-10-16T16:22:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-8553",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-8553",
        "Title": "CVE-2015-2150 CVE-2015-8553 xen: non-maskable interrupts triggerable by guests (xsa120)",
        "Description": "Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0777.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 6.5
          },
          "redhat": {
            "V2Vector": "AV:A/AC:M/Au:S/C:N/I:N/A:C",
            "V2Score": 5.2
          }
        },
        "References": [
          "http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1930758 (regression mention)",
          "http://xenbits.xen.org/xsa/advisory-120.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8553",
          "https://seclists.org/bugtraq/2019/Aug/18",
          "https://www.debian.org/security/2019/dsa-4497"
        ],
        "PublishedDate": "2016-04-13T15:59:00Z",
        "LastModifiedDate": "2019-08-13T23:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-8660",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-8660",
        "Title": "kernel: xfs: local DoS due to a page lock order bug in the XFS seek hole/data implementation",
        "Description": "The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \"page lock order bug in the XFS seek hole/data implementation.\"",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-19"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.9,
            "V3Score": 5.5
          },
          "redhat": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.7,
            "V3Score": 5.5
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2016/10/13/8",
          "http://www.securityfocus.com/bid/93558",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1384851",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8660",
          "https://lore.kernel.org/linux-xfs/895314622.769515.1476375930648.JavaMail.zimbra@redhat.com/",
          "https://marc.info/?l=linux-fsdevel\u0026m=147639177409294\u0026w=2",
          "https://marc.info/?l=linux-xfs\u0026m=149498118228320\u0026w=2"
        ],
        "PublishedDate": "2016-10-16T21:59:00Z",
        "LastModifiedDate": "2016-11-28T20:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-17977",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-17977",
        "Title": "kernel: Mishandled interactions among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets resulting in a denial of service",
        "Description": "The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.9,
            "V3Score": 4.4
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 4.9
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/105539",
          "https://bugzilla.suse.com/show_bug.cgi?id=1111609",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17977",
          "https://www.openwall.com/lists/oss-security/2018/10/05/5"
        ],
        "PublishedDate": "2018-10-08T17:29:00Z",
        "LastModifiedDate": "2018-11-26T15:51:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-12363",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-12363",
        "Title": "kernel: Improper input validation in some Intel(R) Graphics Drivers",
        "Description": "Improper input validation in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12363",
          "https://linux.oracle.com/cve/CVE-2020-12363.html",
          "https://linux.oracle.com/errata/ELSA-2021-2314.html",
          "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
        ],
        "PublishedDate": "2021-02-17T14:15:00Z",
        "LastModifiedDate": "2021-02-22T19:01:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-12364",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-12364",
        "Title": "kernel: Null pointer dereference in some Intel(R) Graphics Drivers",
        "Description": "Null pointer reference in some Intel(R) Graphics Drivers for Windows* before version 26.20.100.7212 and before Linux kernel version 5.5 may allow a privileged user to potentially enable a denial of service via local access.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12364",
          "https://linux.oracle.com/cve/CVE-2020-12364.html",
          "https://linux.oracle.com/errata/ELSA-2021-2314.html",
          "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html"
        ],
        "PublishedDate": "2021-02-17T14:15:00Z",
        "LastModifiedDate": "2021-02-22T19:09:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-24504",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-24504",
        "Title": "kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers",
        "Description": "Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-400"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24504",
          "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html"
        ],
        "PublishedDate": "2021-02-17T14:15:00Z",
        "LastModifiedDate": "2021-02-22T15:28:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-26541",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-26541",
        "Title": "kernel: security bypass in certs/blacklist.c and certs/system_keyring.c",
        "Description": "The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.9,
            "V3Score": 6.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26541",
          "https://linux.oracle.com/cve/CVE-2020-26541.html",
          "https://linux.oracle.com/errata/ELSA-2020-5913.html",
          "https://lkml.org/lkml/2020/9/15/1871",
          "https://lore.kernel.org/lkml/161428671215.677100.6372209948022011988.stgit@warthog.procyon.org.uk/",
          "https://lore.kernel.org/lkml/1884195.1615482306@warthog.procyon.org.uk/",
          "https://lore.kernel.org/lkml/20200916004927.64276-1-eric.snowberg@oracle.com/",
          "https://lore.kernel.org/lkml/20210122181054.32635-1-eric.snowberg@oracle.com/"
        ],
        "PublishedDate": "2020-10-02T19:15:00Z",
        "LastModifiedDate": "2020-10-05T02:17:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-27835",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27835",
        "Title": "kernel: child process is able to access parent mm through hfi dev file handle",
        "Description": "A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-416"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.9,
            "V3Score": 4.4
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 6.4
          }
        },
        "References": [
          "https://bugzilla.redhat.com/show_bug.cgi?id=1901709",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27835",
          "https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79",
          "https://linux.oracle.com/cve/CVE-2020-27835.html",
          "https://linux.oracle.com/errata/ELSA-2021-1578.html",
          "https://ubuntu.com/security/notices/USN-4751-1"
        ],
        "PublishedDate": "2021-01-07T18:15:00Z",
        "LastModifiedDate": "2021-01-14T15:12:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-29534",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29534",
        "Title": "kernel: io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd() allowing for privileges escalation",
        "Description": "An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.2,
            "V3Score": 7.8
          }
        },
        "References": [
          "https://bugs.chromium.org/p/project-zero/issues/detail?id=2089",
          "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9.3",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29534",
          "https://git.kernel.org/linus/0f2122045b946241a9e549c2a76cea54fa58a7ff",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f2122045b946241a9e549c2a76cea54fa58a7ff",
          "https://ubuntu.com/security/notices/USN-4678-1"
        ],
        "PublishedDate": "2020-12-03T20:15:00Z",
        "LastModifiedDate": "2021-06-02T15:31:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36310",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36310",
        "Title": "kernel: infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c for certain nested page faults",
        "Description": "An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.8",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36310",
          "https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e72436bc3a5206f95bb384e741154166ddb3202e",
          "https://linux.oracle.com/cve/CVE-2020-36310.html",
          "https://linux.oracle.com/errata/ELSA-2021-9307.html"
        ],
        "PublishedDate": "2021-04-07T00:15:00Z",
        "LastModifiedDate": "2021-04-13T11:51:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-36311",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-36311",
        "Title": "kernel: DoS by triggering destruction of a large SEV VM",
        "Description": "An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 2.8
          }
        },
        "References": [
          "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.9",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36311",
          "https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7be74942f184fdfba34ddd19a0d995deb34d4a03"
        ],
        "PublishedDate": "2021-04-07T00:15:00Z",
        "LastModifiedDate": "2021-04-13T18:24:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-26932",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-26932",
        "Title": "ELSA-2021-9136:  Unbreakable Enterprise kernel-container security update (IMPORTANT)",
        "Description": "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.",
        "Severity": "MEDIUM",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 1.9,
            "V3Score": 5.5
          }
        },
        "References": [
          "http://xenbits.xen.org/xsa/advisory-361.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26932",
          "https://linux.oracle.com/cve/CVE-2021-26932.html",
          "https://linux.oracle.com/errata/ELSA-2021-9136.html",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html",
          "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/",
          "https://security.netapp.com/advisory/ntap-20210326-0001/",
          "https://www.openwall.com/lists/oss-security/2021/02/16/3",
          "https://xenbits.xen.org/xsa/advisory-361.html"
        ],
        "PublishedDate": "2021-02-17T02:15:00Z",
        "LastModifiedDate": "2021-03-31T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-29155",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-29155",
        "Title": "kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory",
        "Description": "An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 4.4
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29155",
          "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CUX2CA63453G34C6KYVBLJXJXEARZI2X/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAEQ3H6HKNO6KUCGRZVYSFSAGEUX23JL/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZASHZVCOFJ4VU2I3BN5W5EPHWJQ7QWX/",
          "https://ubuntu.com/security/notices/USN-4977-1",
          "https://ubuntu.com/security/notices/USN-4983-1",
          "https://ubuntu.com/security/notices/USN-4999-1",
          "https://www.kernel.org",
          "https://www.openwall.com/lists/oss-security/2021/04/18/4"
        ],
        "PublishedDate": "2021-04-20T16:15:00Z",
        "LastModifiedDate": "2021-06-23T02:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-32078",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-32078",
        "Title": "kernel: out-of-bounds read in arch/arm/mach-footbridge/personal-pci.c due to improper input validation",
        "Description": "An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "V2Score": 6.6,
            "V3Score": 7.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.4
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32078",
          "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=298a58e165e447ccfaae35fe9f651f9d7e15166f",
          "https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)",
          "https://github.com/torvalds/linux/commit/298a58e165e447ccfaae35fe9f651f9d7e15166f",
          "https://kirtikumarar.com/CVE-2021-32078.txt"
        ],
        "PublishedDate": "2021-06-17T15:15:00Z",
        "LastModifiedDate": "2021-06-22T18:10:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-33624",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33624",
        "Title": "kernel: Linux kernel BPF protection against speculative execution attacks can be bypassed to read arbitrary kernel memory",
        "Description": "In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.",
        "Severity": "MEDIUM",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.1
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/06/21/1",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33624",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9183671af6dbf60a1219371d4ed73e23f43b49db",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=973377ffe8148180b2651825b92ae91988141b05",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d203b0fd863a2261e5d00b97f3d060c4c2a6db71",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe9a5ca7e370e613a9a75a13008a3845ea759d6e",
          "https://github.com/torvalds/linux/commit/9183671af6dbf60a1219371d4ed73e23f43b49db",
          "https://www.openwall.com/lists/oss-security/2021/06/21/1",
          "https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner"
        ],
        "PublishedDate": "2021-06-23T16:15:00Z",
        "LastModifiedDate": "2021-06-23T20:36:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3564",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3564",
        "Title": "kernel: double free in bluetooth subsystem when the HCI device initialization fails",
        "Description": "A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "V3Score": 6.3
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/05/25/1",
          "http://www.openwall.com/lists/oss-security/2021/06/01/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1964139",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3564",
          "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html",
          "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html",
          "https://lore.kernel.org/linux-bluetooth/20210525123902.189012-1-gregkh@linuxfoundation.org/",
          "https://www.openwall.com/lists/oss-security/2021/05/25/1"
        ],
        "PublishedDate": "2021-06-08T12:15:00Z",
        "LastModifiedDate": "2021-06-23T02:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3573",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3573",
        "Title": "kernel: use-after-free in function hci_sock_bound_ioctl()",
        "Description": "A flaw use-after-free in the Linux kernel HCI subsystem was found in the way user detaches bluetooth dongle or other way triggers unregister bluetooth device event. A local user could use this flaw to crash the system or escalate their privileges on the system.",
        "Severity": "MEDIUM",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 7.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3573",
          "https://www.openwall.com/lists/oss-security/2021/06/08/2"
        ]
      },
      {
        "VulnerabilityID": "CVE-2021-3587",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3587",
        "Title": "kernel: nfc: Null pointer dereference in llcp_sock_getname",
        "Description": "A flaw was found in the Linux kernel. A null pointer dereference in llcp_sock_getname in net/nfc/llcp_sock.c can lead to an unprivileged user triggering this bug, causing denial of service.",
        "Severity": "MEDIUM",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3587",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ac06a1e013cf5fdd963317ffd3b968560f33bba",
          "https://www.openwall.com/lists/oss-security/2021/06/01/1",
          "https://www.openwall.com/lists/oss-security/2021/06/06/2",
          "https://www.openwall.com/lists/oss-security/2021/06/08/1"
        ]
      },
      {
        "VulnerabilityID": "CVE-2017-0537",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-0537",
        "Description": "An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V2Score": 2.6,
            "V3Score": 4.7
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/96831",
          "http://www.securitytracker.com/id/1037968",
          "https://android.googlesource.com/kernel/tegra.git/+/389b185cb2f17fff994dbdf8d4bac003d4b2b6b3%5E%21/#F0",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0537",
          "https://lore.kernel.org/lkml/1484647168-30135-1-git-send-email-jilin@nvidia.com/#t",
          "https://source.android.com/security/bulletin/2017-01-01.html",
          "https://source.android.com/security/bulletin/2017-03-01",
          "https://source.android.com/security/bulletin/2017-03-01.html"
        ],
        "PublishedDate": "2017-03-08T01:59:00Z",
        "LastModifiedDate": "2017-07-17T13:18:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13165",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13165",
        "Description": "An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.",
        "Severity": "LOW",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 4.6,
            "V3Score": 7.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13165",
          "https://github.com/aosp-mirror/platform_system_core/commit/15ffc53f6d57a46e3041453865311035a18e047a",
          "https://source.android.com/security/bulletin/pixel/2017-12-01"
        ],
        "PublishedDate": "2017-12-06T14:29:00Z",
        "LastModifiedDate": "2019-10-03T00:03:00Z"
      },
      {
        "VulnerabilityID": "CVE-2017-13693",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2017-13693",
        "Title": "kernel: ACPI operand cache leak in dsutils.c",
        "Description": "The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 4.9,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/100502",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13693",
          "https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732",
          "https://patchwork.kernel.org/patch/9919053/"
        ],
        "PublishedDate": "2017-08-25T08:29:00Z",
        "LastModifiedDate": "2017-09-20T14:51:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-1121",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-1121",
        "Title": "procps-ng, procps: process hiding through race condition enumerating /proc",
        "Description": "procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-362"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "V3Score": 3.9
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2018/q2/122",
          "http://www.securityfocus.com/bid/104214",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1121",
          "https://www.exploit-db.com/exploits/44806/",
          "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
        ],
        "PublishedDate": "2018-06-13T20:29:00Z",
        "LastModifiedDate": "2020-06-30T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-12928",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12928",
        "Title": "kernel: NULL pointer dereference in hfs_ext_read_extent in hfs.ko",
        "Description": "In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.9,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 5
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/104593",
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763384",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12928",
          "https://groups.google.com/forum/#!msg/syzkaller-bugs/9SgQk_6tSZ4/zLhTm4r1AwAJ",
          "https://lore.kernel.org/linux-fsdevel/20180418173028.GA30953@bombadil.infradead.org/",
          "https://marc.info/?l=linux-fsdevel\u0026m=152407263325766\u0026w=2"
        ],
        "PublishedDate": "2018-06-28T14:29:00Z",
        "LastModifiedDate": "2018-08-21T11:55:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-12929",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12929",
        "Title": "kernel: use-after-free in ntfs_read_locked_inode in the ntfs.ko",
        "Description": "ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via a crafted ntfs filesystem.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-416"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.9,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 4.6
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/104588",
          "https://access.redhat.com/errata/RHSA-2019:0641",
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12929",
          "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2"
        ],
        "PublishedDate": "2018-06-28T14:29:00Z",
        "LastModifiedDate": "2019-03-26T13:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-12930",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12930",
        "Title": "kernel: stack-based out-of-bounds write in ntfs_end_buffer_async_read in the ntfs.ko",
        "Description": "ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.2,
            "V3Score": 7.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 4.6
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/104588",
          "https://access.redhat.com/errata/RHSA-2019:0641",
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12930",
          "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2"
        ],
        "PublishedDate": "2018-06-28T14:29:00Z",
        "LastModifiedDate": "2019-03-26T13:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-12931",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-12931",
        "Title": "kernel: stack-based out-of-bounds write in ntfs_attr_find in the ntfs.ko",
        "Description": "ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possibly have unspecified other impact via a crafted ntfs filesystem.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 7.2,
            "V3Score": 7.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 4.6
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/104588",
          "https://access.redhat.com/errata/RHSA-2019:0641",
          "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1763403",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12931",
          "https://marc.info/?l=linux-ntfs-dev\u0026m=152413769810234\u0026w=2"
        ],
        "PublishedDate": "2018-06-28T14:29:00Z",
        "LastModifiedDate": "2019-03-26T13:35:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-14899",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-14899",
        "Title": "VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnel",
        "Description": "A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-300"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 4.9,
            "V3Score": 7.4
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 7.4
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "http://seclists.org/fulldisclosure/2020/Jul/23",
          "http://seclists.org/fulldisclosure/2020/Jul/24",
          "http://seclists.org/fulldisclosure/2020/Jul/25",
          "http://seclists.org/fulldisclosure/2020/Nov/20",
          "http://www.openwall.com/lists/oss-security/2020/08/13/2",
          "http://www.openwall.com/lists/oss-security/2020/10/07/3",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14899",
          "https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/",
          "https://support.apple.com/kb/HT211288",
          "https://support.apple.com/kb/HT211289",
          "https://support.apple.com/kb/HT211290",
          "https://support.apple.com/kb/HT211850",
          "https://support.apple.com/kb/HT211931",
          "https://www.openwall.com/lists/oss-security/2019/12/05/1"
        ],
        "PublishedDate": "2019-12-11T15:15:00Z",
        "LastModifiedDate": "2020-12-15T20:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-15213",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-15213",
        "Title": "kernel: use-after-free caused by malicious USB device in drivers/media/usb/dvb-usb/dvb-usb-init.c",
        "Description": "An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-416"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.9,
            "V3Score": 4.6
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.3
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html",
          "http://www.openwall.com/lists/oss-security/2019/08/20/2",
          "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15213",
          "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6cf97230cd5f36b7665099083272595c55d72be7",
          "https://linux.oracle.com/cve/CVE-2019-15213.html",
          "https://linux.oracle.com/errata/ELSA-2019-4872.html",
          "https://lore.kernel.org/linux-media/fe983331d14442a96db3f71066ca0488a8921840.camel@decadent.org.uk/",
          "https://security.netapp.com/advisory/ntap-20190905-0002/",
          "https://syzkaller.appspot.com/bug?id=a53c9c9dd2981bfdbfbcbc1ddbd35595eda8bced"
        ],
        "PublishedDate": "2019-08-19T22:15:00Z",
        "LastModifiedDate": "2019-09-06T00:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-16230",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16230",
        "Title": "kernel: null pointer dereference in drivers/gpu/drm/radeon/radeon_display.c",
        "Description": "** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.7,
            "V3Score": 4.7
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 4.7
          }
        },
        "References": [
          "https://bugzilla.suse.com/show_bug.cgi?id=1150468",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16230",
          "https://lkml.org/lkml/2019/9/9/487",
          "https://security.netapp.com/advisory/ntap-20191004-0001/"
        ],
        "PublishedDate": "2019-09-11T16:15:00Z",
        "LastModifiedDate": "2020-05-04T19:09:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19378",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19378",
        "Title": "kernel: out-of-bounds write in index_rbio_pages in fs/btrfs/raid56.c",
        "Description": "In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 7.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V3Score": 7.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19378",
          "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19378",
          "https://security.netapp.com/advisory/ntap-20200103-0001/"
        ],
        "PublishedDate": "2019-11-29T17:15:00Z",
        "LastModifiedDate": "2020-01-03T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-19814",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-19814",
        "Title": "kernel: out-of-bounds write in __remove_dirty_segment in fs/f2fs/segment.c",
        "Description": "In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "V2Score": 9.3,
            "V3Score": 7.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
            "V3Score": 7.3
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19814",
          "https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19814",
          "https://security.netapp.com/advisory/ntap-20200103-0001/"
        ],
        "PublishedDate": "2019-12-17T06:15:00Z",
        "LastModifiedDate": "2020-01-03T11:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-11725",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-11725",
        "Title": "kernel: improper handling of private_size*count multiplication due to count=info-\u003eowner typo",
        "Description": "** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u003eowner line, which later affects a private_size*count multiplication for unspecified \"interesting side effects.\" NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u003eowner field to represent data unrelated to the \"owner\" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u003eowner field in a safe way.",
        "Severity": "LOW",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 4.6,
            "V3Score": 7.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11725",
          "https://github.com/torvalds/linux/blob/3b2549a3740efb8af0150415737067d87e466c5b/sound/core/control.c#L1434-L1474",
          "https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/",
          "https://twitter.com/yabbadabbadrew/status/1248632267028582400"
        ],
        "PublishedDate": "2020-04-12T22:15:00Z",
        "LastModifiedDate": "2020-04-14T18:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14304",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14304",
        "Title": "kernel: ethtool when reading eeprom of device could lead to memory leak",
        "Description": "A memory disclosure flaw was found in the Linux kernel's ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-755"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 2.1,
            "V3Score": 4.4
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 4.4
          }
        },
        "References": [
          "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960702",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14304",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14304",
          "https://lore.kernel.org/netdev/20200517172053.GA734488@decadent.org.uk/T/"
        ],
        "PublishedDate": "2020-09-15T20:15:00Z",
        "LastModifiedDate": "2020-09-24T16:50:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-3428",
        "PkgName": "linux-libc-dev",
        "InstalledVersion": "5.4.0-77.86",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-3428",
        "Title": "kernel: integer overflow in ext4_es_cache_extent",
        "Description": "A flaw was found in the Linux kernel. A denial of service problem is identified if an extent tree is corrupted in a crafted ext4 filesystem in fs/ext4/extents.c in ext4_es_cache_extent. By fabricating an integer overflow, a local attacker with a special user privilege may cause a system crash problem, which can lead to an availability threat.",
        "Severity": "LOW",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 4.4
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3428",
          "https://linux.oracle.com/cve/CVE-2021-3428.html",
          "https://linux.oracle.com/errata/ELSA-2021-9223.html",
          "https://ubuntu.com/security/notices/USN-4979-1",
          "https://www.openwall.com/lists/oss-security/2021/03/17/1",
          "https://www.openwall.com/lists/oss-security/2021/03/17/13",
          "https://www.openwall.com/lists/oss-security/2021/03/17/5"
        ]
      },
      {
        "VulnerabilityID": "CVE-2016-10228",
        "PkgName": "locales",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-10228",
        "Title": "glibc: iconv program can hang when invoked with the -c option",
        "Description": "The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-20"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://openwall.com/lists/oss-security/2017/03/01/10",
          "http://www.securityfocus.com/bid/96525",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228",
          "https://linux.oracle.com/cve/CVE-2016-10228.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2017-03-02T01:59:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-25013",
        "PkgName": "locales",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-25013",
        "Title": "glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding",
        "Description": "The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 7.1,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013",
          "https://linux.oracle.com/cve/CVE-2019-25013.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://lists.apache.org/thread.html/r32d767ac804e9b8aad4355bb85960a6a1385eab7afff549a5e98660f@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r448bb851cc8e6e3f93f3c28c70032b37062625d81214744474ac49e7@%3Cdev.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r499e4f96d0b5109ef083f2feccd33c51650c1b7d7068aa3bd47efca9@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r5af4430421bb6f9973294691a7904bbd260937e9eef96b20556f43ff@%3Cjira.kafka.apache.org%3E",
          "https://lists.apache.org/thread.html/r750eee18542bc02bd8350861c424ee60a9b9b225568fa09436a37ece@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/r7a2e94adfe0a2f0a1d42e4927e8c32ecac97d37db9cb68095fe9ddbc@%3Cdev.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4Y6TX47P47KABSFOL26FLDNVCWXDKDEZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.netapp.com/advisory/ntap-20210205-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=24973",
          "https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b"
        ],
        "PublishedDate": "2021-01-04T18:15:00Z",
        "LastModifiedDate": "2021-06-22T14:47:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-27618",
        "PkgName": "locales",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-27618",
        "Title": "glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-835"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618",
          "https://linux.oracle.com/cve/CVE-2020-27618.html",
          "https://linux.oracle.com/errata/ELSA-2021-9280.html",
          "https://security.netapp.com/advisory/ntap-20210401-0006/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26224"
        ],
        "PublishedDate": "2021-02-26T23:15:00Z",
        "LastModifiedDate": "2021-04-01T08:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-29562",
        "PkgName": "locales",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29562",
        "Title": "glibc: assertion failure in iconv when converting invalid UCS4",
        "Description": "The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-617"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 2.1,
            "V3Score": 4.8
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 4.8
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVCUNLQ3HXGS4VPUQKWTJGRAW2KTFGXS/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://security.netapp.com/advisory/ntap-20210122-0004/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=26923",
          "https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html"
        ],
        "PublishedDate": "2020-12-04T07:15:00Z",
        "LastModifiedDate": "2021-03-19T18:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-6096",
        "PkgName": "locales",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-6096",
        "Title": "glibc: signed comparison vulnerability in the ARMv7 memcpy function",
        "Description": "An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-191"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.8,
            "V3Score": 8.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/",
          "https://security.gentoo.org/glsa/202101-20",
          "https://sourceware.org/bugzilla/attachment.cgi?id=12334",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=25620",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019",
          "https://ubuntu.com/security/notices/USN-4954-1",
          "https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019"
        ],
        "PublishedDate": "2020-04-01T22:15:00Z",
        "LastModifiedDate": "2021-03-04T20:46:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-27645",
        "PkgName": "locales",
        "InstalledVersion": "2.31-0ubuntu9.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-27645",
        "Title": "glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c",
        "Description": "The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V2Score": 1.9,
            "V3Score": 2.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 2.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/",
          "https://sourceware.org/bugzilla/show_bug.cgi?id=27462"
        ],
        "PublishedDate": "2021-02-24T15:15:00Z",
        "LastModifiedDate": "2021-05-22T03:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2013-4235",
        "PkgName": "login",
        "InstalledVersion": "1:4.8.1-1ubuntu5.20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235",
        "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees",
        "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-367"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 3.3,
            "V3Score": 4.7
          },
          "redhat": {
            "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "V2Score": 3.7,
            "V3Score": 4.4
          }
        },
        "References": [
          "https://access.redhat.com/security/cve/cve-2013-4235",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security-tracker.debian.org/tracker/CVE-2013-4235"
        ],
        "PublishedDate": "2019-12-03T15:15:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14145",
        "PkgName": "openssh-client",
        "InstalledVersion": "1:8.2p1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14145",
        "Title": "openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation",
        "Description": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2020/12/02/1",
          "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145",
          "https://docs.ssh-mitm.at/CVE-2020-14145.html",
          "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
          "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
          "https://security.gentoo.org/glsa/202105-35",
          "https://security.netapp.com/advisory/ntap-20200709-0004/",
          "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
          "https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf"
        ],
        "PublishedDate": "2020-06-29T18:15:00Z",
        "LastModifiedDate": "2021-05-26T14:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14145",
        "PkgName": "openssh-server",
        "InstalledVersion": "1:8.2p1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14145",
        "Title": "openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation",
        "Description": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2020/12/02/1",
          "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145",
          "https://docs.ssh-mitm.at/CVE-2020-14145.html",
          "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
          "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
          "https://security.gentoo.org/glsa/202105-35",
          "https://security.netapp.com/advisory/ntap-20200709-0004/",
          "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
          "https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf"
        ],
        "PublishedDate": "2020-06-29T18:15:00Z",
        "LastModifiedDate": "2021-05-26T14:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-14145",
        "PkgName": "openssh-sftp-server",
        "InstalledVersion": "1:8.2p1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-14145",
        "Title": "openssh: Observable Discrepancy leading to an information leak in the algorithm negotiation",
        "Description": "The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2020/12/02/1",
          "https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145",
          "https://docs.ssh-mitm.at/CVE-2020-14145.html",
          "https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1",
          "https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py",
          "https://security.gentoo.org/glsa/202105-35",
          "https://security.netapp.com/advisory/ntap-20200709-0004/",
          "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/",
          "https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf"
        ],
        "PublishedDate": "2020-06-29T18:15:00Z",
        "LastModifiedDate": "2021-05-26T14:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2013-4235",
        "PkgName": "passwd",
        "InstalledVersion": "1:4.8.1-1ubuntu5.20.04",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2013-4235",
        "Title": "shadow-utils: TOCTOU race conditions by copying and removing directory trees",
        "Description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-367"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "V2Score": 3.3,
            "V3Score": 4.7
          },
          "redhat": {
            "V2Vector": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "V2Score": 3.7,
            "V3Score": 4.4
          }
        },
        "References": [
          "https://access.redhat.com/security/cve/cve-2013-4235",
          "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security-tracker.debian.org/tracker/CVE-2013-4235"
        ],
        "PublishedDate": "2019-12-03T15:15:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-6952",
        "PkgName": "patch",
        "InstalledVersion": "2.7.6-6",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952",
        "Title": "patch: Double free of memory in pch.c:another_hunk() causes a crash",
        "Description": "A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-415"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 3.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/103047",
          "https://access.redhat.com/errata/RHSA-2019:2033",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952",
          "https://linux.oracle.com/cve/CVE-2018-6952.html",
          "https://linux.oracle.com/errata/ELSA-2019-2033.html",
          "https://savannah.gnu.org/bugs/index.php?53133",
          "https://security.gentoo.org/glsa/201904-17"
        ],
        "PublishedDate": "2018-02-13T19:29:00Z",
        "LastModifiedDate": "2019-04-17T20:29:00Z"
      },
      {
        "VulnerabilityID": "CVE-2016-2568",
        "PkgName": "policykit-1",
        "InstalledVersion": "0.105-26ubuntu1.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2016-2568",
        "Title": "polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl",
        "Description": "pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-116"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "V2Score": 4.4,
            "V3Score": 7.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
            "V2Score": 5.1,
            "V3Score": 6.1
          }
        },
        "References": [
          "http://seclists.org/oss-sec/2016/q1/443",
          "http://www.openwall.com/lists/oss-security/2016/02/26/3",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1300746",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2568",
          "https://lore.kernel.org/patchwork/patch/793178/"
        ],
        "PublishedDate": "2017-02-13T18:59:00Z",
        "LastModifiedDate": "2017-03-09T18:30:00Z"
      },
      {
        "VulnerabilityID": "CVE-2015-5237",
        "PkgName": "protobuf-compiler",
        "InstalledVersion": "3.6.1.3-2ubuntu5",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2015-5237",
        "Title": "protobuf: integer overflow in serialization",
        "Description": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-787"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.5,
            "V3Score": 8.8
          },
          "redhat": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
            "V2Score": 2.6
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2015/08/27/2",
          "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5237",
          "https://github.com/google/protobuf/issues/760",
          "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
          "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
          "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E"
        ],
        "PublishedDate": "2017-09-25T17:29:00Z",
        "LastModifiedDate": "2021-06-24T15:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-33503",
        "PkgName": "python3-urllib3",
        "InstalledVersion": "1.25.8-2ubuntu0.1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-33503",
        "Title": "python-urllib3: Catastrophic backtracking in URL authority parser",
        "Description": "A flaw was found in python-urllib3. When provided with a URL containing many @ characters in the authority component, the authority's regular expression exhibits catastrophic backtracking. This flaw causes a denial of service if a URL is passed as a parameter or redirected via an HTTP redirect. The highest threat from this vulnerability is to system availability.",
        "Severity": "LOW",
        "CVSS": {
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33503",
          "https://github.com/advisories/GHSA-q2q7-5pp4-w6pg",
          "https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec",
          "https://github.com/urllib3/urllib3/security/advisories/GHSA-q2q7-5pp4-w6pg",
          "https://nvd.nist.gov/vuln/detail/CVE-2021-33503"
        ]
      },
      {
        "VulnerabilityID": "CVE-2021-23336",
        "PkgName": "python3.8",
        "InstalledVersion": "3.8.5-1~20.04.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23336",
        "Title": "python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters",
        "Description": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-444"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V2Score": 4,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/02/19/4",
          "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336",
          "https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)",
          "https://github.com/python/cpython/pull/24297",
          "https://linux.oracle.com/cve/CVE-2021-23336.html",
          "https://linux.oracle.com/errata/ELSA-2021-1633.html",
          "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/",
          "https://security.gentoo.org/glsa/202104-04",
          "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "https://ubuntu.com/security/notices/USN-4742-1",
          "https://www.djangoproject.com/weblog/2021/feb/19/security-releases/",
          "https://www.oracle.com/security-alerts/cpuApr2021.html"
        ],
        "PublishedDate": "2021-02-15T13:15:00Z",
        "LastModifiedDate": "2021-06-17T17:13:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-23336",
        "PkgName": "python3.8-minimal",
        "InstalledVersion": "3.8.5-1~20.04.3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-23336",
        "Title": "python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters",
        "Description": "The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-444"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V2Score": 4,
            "V3Score": 5.9
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H",
            "V3Score": 5.9
          }
        },
        "References": [
          "http://www.openwall.com/lists/oss-security/2021/02/19/4",
          "http://www.openwall.com/lists/oss-security/2021/05/01/2",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336",
          "https://github.com/python/cpython/commit/fcbe0cb04d35189401c0c880ebfb4311e952d776 (master)",
          "https://github.com/python/cpython/pull/24297",
          "https://linux.oracle.com/cve/CVE-2021-23336.html",
          "https://linux.oracle.com/errata/ELSA-2021-1633.html",
          "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E",
          "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://lists.debian.org/debian-lts-announce/2021/02/msg00030.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html",
          "https://lists.debian.org/debian-lts-announce/2021/04/msg00015.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EPYWWFDV22CJ5AOH5VCE72DOASZZ255/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YKKDLXL3UEZ3J426C2XTBS63AHE46SM/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/46N6A52EGSXHJYCZWVMBJJIH4NWIV2B5/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZTM7KLHFCE3LWSEVO2NAFLUHMGYMCRY/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHQDU7NXA7EWAE4W7VO6MURVJIULEPPR/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJXCMHLY7H3FIYLE4OKDYUILU2CCRUCZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LVNH6Z24IG3E67ZCQGGJ46FZB4XFLQNZ/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MNUN5SOMFL2BBKP6ZAICIIUPQKZDMGYO/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJSCSN722JO2E2AGPWD4NTGVELVRPB4R/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OAGSWNGZJ6HQ5ISA67SNMK3CJRKICET7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFTELUMWZE3KV3JB2H5EE6VFRZFRD5MV/",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LSKBEFI5SYEY5FM6ICZVZM5WRQUCS4/",
          "https://security.gentoo.org/glsa/202104-04",
          "https://security.netapp.com/advisory/ntap-20210326-0004/",
          "https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/",
          "https://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933",
          "https://ubuntu.com/security/notices/USN-4742-1",
          "https://www.djangoproject.com/weblog/2021/feb/19/security-releases/",
          "https://www.oracle.com/security-alerts/cpuApr2021.html"
        ],
        "PublishedDate": "2021-02-15T13:15:00Z",
        "LastModifiedDate": "2021-06-17T17:13:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9794",
        "PkgName": "sqlite3",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9794",
        "Description": "An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-125"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "V2Score": 5.8,
            "V3Score": 8.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/HT211168",
          "https://support.apple.com/HT211170",
          "https://support.apple.com/HT211171",
          "https://support.apple.com/HT211175",
          "https://support.apple.com/HT211178",
          "https://support.apple.com/HT211179",
          "https://support.apple.com/HT211181",
          "https://vuldb.com/?id.155768"
        ],
        "PublishedDate": "2020-06-09T17:15:00Z",
        "LastModifiedDate": "2021-03-09T16:00:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9849",
        "PkgName": "sqlite3",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9849",
        "Description": "An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-200"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V2Score": 4.3,
            "V3Score": 6.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT211843",
          "https://support.apple.com/en-us/HT211844",
          "https://support.apple.com/en-us/HT211850",
          "https://support.apple.com/en-us/HT211931",
          "https://support.apple.com/en-us/HT211935",
          "https://support.apple.com/en-us/HT211952",
          "https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/"
        ],
        "PublishedDate": "2020-12-08T20:15:00Z",
        "LastModifiedDate": "2021-03-09T16:38:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-9991",
        "PkgName": "sqlite3",
        "InstalledVersion": "3.31.1-4ubuntu0.2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-9991",
        "Description": "This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.",
        "Severity": "LOW",
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          }
        },
        "References": [
          "http://seclists.org/fulldisclosure/2020/Dec/32",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://support.apple.com/en-us/HT211843",
          "https://support.apple.com/en-us/HT211844",
          "https://support.apple.com/en-us/HT211847",
          "https://support.apple.com/en-us/HT211850",
          "https://support.apple.com/en-us/HT211931",
          "https://support.apple.com/kb/HT211846",
          "https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/"
        ],
        "PublishedDate": "2020-12-08T22:15:00Z",
        "LastModifiedDate": "2021-03-09T16:41:00Z"
      },
      {
        "VulnerabilityID": "CVE-2018-11803",
        "PkgName": "subversion",
        "InstalledVersion": "1.13.0-3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2018-11803",
        "Title": "subversion: malicious SVN clients can crash mod_dav_svn",
        "Description": "Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-824"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 5,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "V3Score": 5.3
          }
        },
        "References": [
          "http://www.securityfocus.com/bid/106770",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11803",
          "https://lists.apache.org/thread.html/fa71074862373c142d264534385f8ea5d8d6b80d27f36f3c46f55003@%3Cdev.subversion.apache.org%3E",
          "https://security.gentoo.org/glsa/201904-08",
          "https://subversion.apache.org/security/CVE-2018-11803-advisory.txt",
          "https://ubuntu.com/security/notices/USN-3869-1",
          "https://usn.ubuntu.com/3869-1/"
        ],
        "PublishedDate": "2019-02-05T17:29:00Z",
        "LastModifiedDate": "2020-08-24T17:37:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-17525",
        "PkgName": "subversion",
        "InstalledVersion": "1.13.0-3",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-17525",
        "Title": "subversion: Remote unauthenticated denial of service in mod_authz_svn",
        "Description": "Subversion's mod_authz_svn module will crash if the server is using in-repository authz rules with the AuthzSVNReposRelativeAccessFile option and a client sends a request for a non-existing repository URL. This can lead to disruption for users of the service. This issue was fixed in mod_dav_svn+mod_authz_svn servers 1.14.1 and mod_dav_svn+mod_authz_svn servers 1.10.7",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-476"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 7.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "V3Score": 7.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17525",
          "https://linux.oracle.com/cve/CVE-2020-17525.html",
          "https://linux.oracle.com/errata/ELSA-2021-0507.html",
          "https://lists.debian.org/debian-lts-announce/2021/05/msg00000.html",
          "https://subversion.apache.org/security/CVE-2020-17525-advisory.txt"
        ],
        "PublishedDate": "2021-03-17T10:15:00Z",
        "LastModifiedDate": "2021-05-04T09:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2019-16167",
        "PkgName": "sysstat",
        "InstalledVersion": "12.2.0-2",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-16167",
        "Title": "sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c",
        "Description": "sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-190"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V2Score": 4.3,
            "V3Score": 5.5
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "V3Score": 5.5
          }
        },
        "References": [
          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00067.html",
          "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16167",
          "https://github.com/sysstat/sysstat/compare/v12.1.5...v12.1.6",
          "https://github.com/sysstat/sysstat/issues/230",
          "https://linux.oracle.com/cve/CVE-2019-16167.html",
          "https://linux.oracle.com/errata/ELSA-2020-4638.html",
          "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVSMKUPWIGQYX4G5LZXL7ZBJN3KY6RM3/",
          "https://ubuntu.com/security/notices/USN-4242-1",
          "https://usn.ubuntu.com/4242-1/"
        ],
        "PublishedDate": "2019-09-09T17:15:00Z",
        "LastModifiedDate": "2019-10-28T16:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "systemd",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "systemd-sysv",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "systemd-timesyncd",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2020-13529",
        "PkgName": "udev",
        "InstalledVersion": "245.4-4ubuntu3.7",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-13529",
        "Title": "systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured",
        "Description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-290"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:A/AC:M/Au:N/C:N/I:N/A:P",
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V2Score": 2.9,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "V3Score": 6.1
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529",
          "https://security.netapp.com/advisory/ntap-20210625-0005/",
          "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
        ],
        "PublishedDate": "2021-05-10T16:15:00Z",
        "LastModifiedDate": "2021-06-25T06:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2021-31879",
        "PkgName": "wget",
        "InstalledVersion": "1.20.3-1ubuntu1",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-31879",
        "Title": "wget: authorization header disclosure on redirect",
        "Description": "GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.",
        "Severity": "MEDIUM",
        "CweIDs": [
          "CWE-601"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "V2Score": 5.8,
            "V3Score": 6.1
          },
          "redhat": {
            "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "V3Score": 6.5
          }
        },
        "References": [
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879",
          "https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html",
          "https://savannah.gnu.org/bugs/?56909",
          "https://security.netapp.com/advisory/ntap-20210618-0002/"
        ],
        "PublishedDate": "2021-04-29T05:15:00Z",
        "LastModifiedDate": "2021-06-18T10:15:00Z"
      },
      {
        "VulnerabilityID": "CVE-2012-1093",
        "PkgName": "x11-common",
        "InstalledVersion": "1:7.7+19ubuntu14",
        "Layer": {
          "DiffID": "sha256:e3652816d9e71867f560317ef728c14b5d4db698dbfa3246ed9797627a6b8562"
        },
        "SeveritySource": "ubuntu",
        "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2012-1093",
        "Description": "The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.",
        "Severity": "LOW",
        "CweIDs": [
          "CWE-59"
        ],
        "CVSS": {
          "nvd": {
            "V2Vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "V2Score": 6.9,
            "V3Score": 7.8
          }
        },
        "References": [
          "http://vladz.devzero.fr/012_x11-common-vuln.html",
          "http://www.openwall.com/lists/oss-security/2012/02/29/1",
          "http://www.openwall.com/lists/oss-security/2012/03/01/1",
          "https://access.redhat.com/security/cve/cve-2012-1093",
          "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093",
          "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E",
          "https://security-tracker.debian.org/tracker/CVE-2012-1093"
        ],
        "PublishedDate": "2020-02-21T19:15:00Z",
        "LastModifiedDate": "2021-02-25T17:15:00Z"
      }
    ]
  }
]