Vulnerabilities scan with Trivy #1350

thelittlefireman · 2021-02-02T16:02:57Z

thelittlefireman
Feb 2, 2021

Hi,
could it be possible to add trivy scan on CI on docker image ?

The image base on alpine is safe, but on debian (latest) contains lots of CVE :

docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:alpine
docker run --rm -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy bitwardenrs/server:latest

alpine result :

2021-02-02T15:58:43.847Z        INFO    Detecting Alpine vulnerabilities...
2021-02-02T15:58:43.852Z        INFO    Trivy skips scanning programming language libraries because no supported file was detected

bitwardenrs/server:alpine (alpine 3.12.3)
=========================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

debian result :

2021-02-02T15:54:59.426Z	�[33mWARN�[0m	You should avoid using the :latest tag as it is cached. You need to specify '--clear-cache' option when :latest image is changed
2021-02-02T15:55:02.257Z	�[34mINFO�[0m	Detecting Debian vulnerabilities...
2021-02-02T15:55:02.345Z	�[34mINFO�[0m	Trivy skips scanning programming language libraries because no supported file was detected

bitwardenrs/server:latest (debian 10.7)
=======================================
Total: 291 (UNKNOWN: 4, LOW: 164, MEDIUM: 46, HIGH: 77, CRITICAL: 0)

+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
|       LIBRARY       |  VULNERABILITY ID   | SEVERITY |   INSTALLED VERSION   |   FIXED VERSION   |                            TITLE                             |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| apt                 | CVE-2011-3374       | LOW      | 1.8.2.2               |                   | It was found that apt-key in apt,                            |
|                     |                     |          |                       |                   | all versions, do not correctly...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| bash                | CVE-2019-18276      |          | 5.0-4                 |                   | bash: when effective UID is not                              |
|                     |                     |          |                       |                   | equal to its real UID the...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-18276                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0841856-B18BAF |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| coreutils           | CVE-2016-2781       |          | 8.30-3                |                   | coreutils: Non-privileged                                    |
|                     |                     |          |                       |                   | session can escape to the                                    |
|                     |                     |          |                       |                   | parent session in chroot                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-2781                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-18018      |          |                       |                   | coreutils: race condition                                    |
|                     |                     |          |                       |                   | vulnerability in chown and chgrp                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-18018                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| curl                | CVE-2020-8169       | HIGH     | 7.64.0-4+deb10u1      |                   | libcurl: partial password                                    |
|                     |                     |          |                       |                   | leak over DNS on HTTP redirect                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8177       |          |                       |                   | curl: Incorrect argument                                     |
|                     |                     |          |                       |                   | check can allow remote servers                               |
|                     |                     |          |                       |                   | to overwrite local files...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8177                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8231       |          |                       |                   | curl: Expired pointer                                        |
|                     |                     |          |                       |                   | dereference via multi API with                               |
|                     |                     |          |                       |                   | `CURLOPT_CONNECT_ONLY` option set                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8231                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8285       |          |                       |                   | curl: malicious FTP server can                               |
|                     |                     |          |                       |                   | trigger stack overflow when                                  |
|                     |                     |          |                       |                   | CURLOPT_CHUNK_BGN_FUNCTION                                   |
|                     |                     |          |                       |                   | is used...                                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8285                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8286       |          |                       |                   | curl: inferior OCSP verification                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8286                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8284       | LOW      |                       |                   | curl: dangerous nature                                       |
|                     |                     |          |                       |                   | of PASV command could                                        |
|                     |                     |          |                       |                   | be used to make curl...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8284                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| gcc-8-base          | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| gpgv                | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1      |                   | gnupg2: OpenPGP Key Certification                            |
|                     |                     |          |                       |                   | Forgeries with SHA-1                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-14855                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libapt-pkg5.0       | CVE-2011-3374       |          | 1.8.2.2               |                   | It was found that apt-key in apt,                            |
|                     |                     |          |                       |                   | all versions, do not correctly...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libc-bin            | CVE-2020-1751       | HIGH     | 2.28-10               |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc-dev-bin        | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc6               | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libc6-dev           | CVE-2020-1751       | HIGH     |                       |                   | glibc: array overflow in                                     |
|                     |                     |          |                       |                   | backtrace functions for powerpc                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-1752       |          |                       |                   | glibc: use-after-free in glob()                              |
|                     |                     |          |                       |                   | function when expanding ~user                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-25013      | MEDIUM   |                       |                   | glibc: buffer over-read in                                   |
|                     |                     |          |                       |                   | iconv when processing invalid                                |
|                     |                     |          |                       |                   | multi-byte input sequences in...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-10029      |          |                       |                   | glibc: stack corruption                                      |
|                     |                     |          |                       |                   | from crafted input in cosl,                                  |
|                     |                     |          |                       |                   | sinl, sincosl, and tanl...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27618      |          |                       |                   | glibc: iconv when processing                                 |
|                     |                     |          |                       |                   | invalid multi-byte input                                     |
|                     |                     |          |                       |                   | sequences fails to advance the...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3326       |          |                       |                   | glibc: Assertion failure in                                  |
|                     |                     |          |                       |                   | ISO-2022-JP-3 gconv module                                   |
|                     |                     |          |                       |                   | related to combining characters                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4051       | LOW      |                       |                   | CVE-2010-4052 glibc: De-recursivise                          |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4052       |          |                       |                   | CVE-2010-4051 CVE-2010-4052                                  |
|                     |                     |          |                       |                   | glibc: De-recursivise                                        |
|                     |                     |          |                       |                   | regular expression engine                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4756       |          |                       |                   | glibc: glob implementation                                   |
|                     |                     |          |                       |                   | can cause excessive CPU and                                  |
|                     |                     |          |                       |                   | memory consumption due to...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10228      |          |                       |                   | glibc: iconv program can hang                                |
|                     |                     |          |                       |                   | when invoked with the -c option                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-20796      |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010022    |          |                       |                   | glibc: stack guard protection bypass                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010023    |          |                       |                   | glibc: running ldd on malicious ELF                          |
|                     |                     |          |                       |                   | leads to code execution because of...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010024    |          |                       |                   | glibc: ASLR bypass using                                     |
|                     |                     |          |                       |                   | cache of thread stack and heap                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1010025    |          |                       |                   | glibc: information disclosure of heap                        |
|                     |                     |          |                       |                   | addresses of pthread_created thread                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19126      |          |                       |                   | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                     |                     |          |                       |                   | not ignored in setuid binaries                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9192       |          |                       |                   | glibc: uncontrolled recursion in                             |
|                     |                     |          |                       |                   | function check_dst_limits_calc_pos_1                         |
|                     |                     |          |                       |                   | in posix/regexec.c                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-6096       |          |                       |                   | glibc: signed comparison                                     |
|                     |                     |          |                       |                   | vulnerability in the                                         |
|                     |                     |          |                       |                   | ARMv7 memcpy function                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libcurl4            | CVE-2020-8169       | HIGH     | 7.64.0-4+deb10u1      |                   | libcurl: partial password                                    |
|                     |                     |          |                       |                   | leak over DNS on HTTP redirect                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8177       |          |                       |                   | curl: Incorrect argument                                     |
|                     |                     |          |                       |                   | check can allow remote servers                               |
|                     |                     |          |                       |                   | to overwrite local files...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8177                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8231       |          |                       |                   | curl: Expired pointer                                        |
|                     |                     |          |                       |                   | dereference via multi API with                               |
|                     |                     |          |                       |                   | `CURLOPT_CONNECT_ONLY` option set                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8231                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8285       |          |                       |                   | curl: malicious FTP server can                               |
|                     |                     |          |                       |                   | trigger stack overflow when                                  |
|                     |                     |          |                       |                   | CURLOPT_CHUNK_BGN_FUNCTION                                   |
|                     |                     |          |                       |                   | is used...                                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8285                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8286       |          |                       |                   | curl: inferior OCSP verification                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8286                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-8284       | LOW      |                       |                   | curl: dangerous nature                                       |
|                     |                     |          |                       |                   | of PASV command could                                        |
|                     |                     |          |                       |                   | be used to make curl...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-8284                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgcc1             | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgcrypt20         | CVE-2019-13627      | MEDIUM   | 1.8.4-5               |                   | libgcrypt: ECDSA timing attack                               |
|                     |                     |          |                       |                   | allowing private key leak                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-13627                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-6829       | LOW      |                       |                   | libgcrypt: ElGamal implementation                            |
|                     |                     |          |                       |                   | doesn't have semantic security due                           |
|                     |                     |          |                       |                   | to incorrectly encoded plaintexts...                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-6829                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libgnutls-dane0     | CVE-2020-24659      | HIGH     | 3.6.7-4+deb10u5       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls-openssl27 | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls28-dev     | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutls30         | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libgnutlsxx28       | CVE-2020-24659      | HIGH     |                       |                   | gnutls: Heap buffer                                          |
|                     |                     |          |                       |                   | overflow in handshake with                                   |
|                     |                     |          |                       |                   | no_renegotiation alert sent                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-24659                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-3389       | LOW      |                       |                   | HTTPS: block-wise chosen-plaintext                           |
|                     |                     |          |                       |                   | attack against SSL/TLS (BEAST)                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libgssapi-krb5-2    | CVE-2004-0971       |          | 1.17-3+deb10u1        |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libidn2-0           | CVE-2019-12290      | HIGH     | 2.0.5-1+deb10u1       |                   | GNU libidn2 before 2.2.0                                     |
|                     |                     |          |                       |                   | fails to perform the roundtrip                               |
|                     |                     |          |                       |                   | checks specified in...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12290                        |
+---------------------+                     +          +                       +-------------------+                                                              +
| libidn2-dev         |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libk5crypto3        | CVE-2004-0971       | LOW      | 1.17-3+deb10u1        |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+          +                       +-------------------+--------------------------------------------------------------+
| libkrb5-3           | CVE-2004-0971       |          |                       |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+          +                       +-------------------+--------------------------------------------------------------+
| libkrb5support0     | CVE-2004-0971       |          |                       |                   | security flaw                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-5709       |          |                       |                   | krb5: integer overflow                                       |
|                     |                     |          |                       |                   | in dbentry->n_key_data                                       |
|                     |                     |          |                       |                   | in kadmin/dbutil/dump.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libldap-2.4-2       | CVE-2020-36221      | HIGH     | 2.4.47+dfsg-3+deb10u4 |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in serialNumberAndIssuerCheck                                |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36221                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36222      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | slapd in the saslAuthzTo validation                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36222                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36223      |          |                       |                   | openldap: Out-of-bounds                                      |
|                     |                     |          |                       |                   | read in Values Return Filter                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36223                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36224      |          |                       |                   | openldap: Invalid pointer free                               |
|                     |                     |          |                       |                   | in the saslAuthzTo processing                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36224                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36225      |          |                       |                   | openldap: Double free in                                     |
|                     |                     |          |                       |                   | the saslAuthzTo processing                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36225                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36226      |          |                       |                   | openldap: Denial of service                                  |
|                     |                     |          |                       |                   | via length miscalculation                                    |
|                     |                     |          |                       |                   | in slap_parse_user                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36226                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36227      |          |                       |                   | openldap: Infinite loop in slapd with                        |
|                     |                     |          |                       |                   | the cancel_extop Cancel operation                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36227                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36228      |          |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in issuerAndThisUpdateCheck                                  |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36229      |          |                       |                   | openldap: Type confusion                                     |
|                     |                     |          |                       |                   | in ad_keystring in ad.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36230      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | ber_next_element in decode.c                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36230                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-3276       | LOW      |                       |                   | openldap: incorrect multi-keyword                            |
|                     |                     |          |                       |                   | mode cipherstring parsing                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-14159      |          |                       |                   | openldap: Privilege escalation                               |
|                     |                     |          |                       |                   | via PID file manipulation                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-17740      |          |                       |                   | openldap:                                                    |
|                     |                     |          |                       |                   | contrib/slapd-modules/nops/nops.c                            |
|                     |                     |          |                       |                   | attempts to free stack buffer                                |
|                     |                     |          |                       |                   | allowing remote attackers to cause...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15719      |          |                       |                   | openldap: Certificate                                        |
|                     |                     |          |                       |                   | validation incorrectly                                       |
|                     |                     |          |                       |                   | matches name against CN-ID                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+---------------------+---------------------+----------+                       +-------------------+--------------------------------------------------------------+
| libldap-common      | CVE-2020-36221      | HIGH     |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in serialNumberAndIssuerCheck                                |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36221                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36222      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | slapd in the saslAuthzTo validation                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36222                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36223      |          |                       |                   | openldap: Out-of-bounds                                      |
|                     |                     |          |                       |                   | read in Values Return Filter                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36223                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36224      |          |                       |                   | openldap: Invalid pointer free                               |
|                     |                     |          |                       |                   | in the saslAuthzTo processing                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36224                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36225      |          |                       |                   | openldap: Double free in                                     |
|                     |                     |          |                       |                   | the saslAuthzTo processing                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36225                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36226      |          |                       |                   | openldap: Denial of service                                  |
|                     |                     |          |                       |                   | via length miscalculation                                    |
|                     |                     |          |                       |                   | in slap_parse_user                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36226                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36227      |          |                       |                   | openldap: Infinite loop in slapd with                        |
|                     |                     |          |                       |                   | the cancel_extop Cancel operation                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36227                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36228      |          |                       |                   | openldap: Integer underflow                                  |
|                     |                     |          |                       |                   | in issuerAndThisUpdateCheck                                  |
|                     |                     |          |                       |                   | in schema_init.c                                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36228                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36229      |          |                       |                   | openldap: Type confusion                                     |
|                     |                     |          |                       |                   | in ad_keystring in ad.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-36230      |          |                       |                   | openldap: Assertion failure in                               |
|                     |                     |          |                       |                   | ber_next_element in decode.c                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36230                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-3276       | LOW      |                       |                   | openldap: incorrect multi-keyword                            |
|                     |                     |          |                       |                   | mode cipherstring parsing                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-14159      |          |                       |                   | openldap: Privilege escalation                               |
|                     |                     |          |                       |                   | via PID file manipulation                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-17740      |          |                       |                   | openldap:                                                    |
|                     |                     |          |                       |                   | contrib/slapd-modules/nops/nops.c                            |
|                     |                     |          |                       |                   | attempts to free stack buffer                                |
|                     |                     |          |                       |                   | allowing remote attackers to cause...                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15719      |          |                       |                   | openldap: Certificate                                        |
|                     |                     |          |                       |                   | validation incorrectly                                       |
|                     |                     |          |                       |                   | matches name against CN-ID                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| liblz4-1            | CVE-2019-17543      |          | 1.8.3-1               |                   | lz4: heap-based buffer                                       |
|                     |                     |          |                       |                   | overflow in LZ4_write32                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-17543                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libnghttp2-14       | TEMP-0000000-A4EF31 |          | 1.36.0-2+deb10u1      |                   | -->security-tracker.debian.org/tracker/TEMP-0000000-A4EF31   |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libp11-kit-dev      | CVE-2020-29361      | HIGH     | 0.23.15-2             | 0.23.15-2+deb10u1 | p11-kit: integer overflow when                               |
|                     |                     |          |                       |                   | allocating memory for arrays                                 |
|                     |                     |          |                       |                   | or attributes and object...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29361                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29363      |          |                       |                   | p11-kit: out-of-bounds write in                              |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array_value                          |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29363                        |
+                     +---------------------+----------+                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29362      | MEDIUM   |                       |                   | p11-kit: out-of-bounds read in                               |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array                                |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29362                        |
+---------------------+---------------------+----------+                       +                   +--------------------------------------------------------------+
| libp11-kit0         | CVE-2020-29361      | HIGH     |                       |                   | p11-kit: integer overflow when                               |
|                     |                     |          |                       |                   | allocating memory for arrays                                 |
|                     |                     |          |                       |                   | or attributes and object...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29361                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29363      |          |                       |                   | p11-kit: out-of-bounds write in                              |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array_value                          |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29363                        |
+                     +---------------------+----------+                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29362      | MEDIUM   |                       |                   | p11-kit: out-of-bounds read in                               |
|                     |                     |          |                       |                   | p11_rpc_buffer_get_byte_array                                |
|                     |                     |          |                       |                   | function in rpc-message.c                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29362                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libpcre3            | CVE-2020-14155      |          | 2:8.39-12             |                   | pcre: integer overflow in libpcre                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-14155                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-11164      | LOW      |                       |                   | pcre: OP_KETRMAX feature in the                              |
|                     |                     |          |                       |                   | match function in pcre_exec.c                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-11164                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-16231      |          |                       |                   | pcre: self-recursive call                                    |
|                     |                     |          |                       |                   | in match() in pcre_exec.c                                    |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-16231                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-7245       |          |                       |                   | pcre: stack-based buffer overflow                            |
|                     |                     |          |                       |                   | write in pcre32_copy_substring                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-7245                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-7246       |          |                       |                   | pcre: stack-based buffer overflow                            |
|                     |                     |          |                       |                   | write in pcre32_copy_substring                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-7246                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20838      |          |                       |                   | pcre: buffer over-read in                                    |
|                     |                     |          |                       |                   | JIT when UTF is disabled                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20838                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libpq5              | CVE-2020-25694      | HIGH     | 11.9-0+deb10u1        |                   | postgresql: Reconnection                                     |
|                     |                     |          |                       |                   | can downgrade connection                                     |
|                     |                     |          |                       |                   | security settings                                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25694                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25695      |          |                       |                   | postgresql: Multiple                                         |
|                     |                     |          |                       |                   | features escape "security                                    |
|                     |                     |          |                       |                   | restricted operation" sandbox                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25695                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25696      |          |                       |                   | postgresql: psql's                                           |
|                     |                     |          |                       |                   | \gset allows overwriting                                     |
|                     |                     |          |                       |                   | specially treated variables                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25696                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9193       | LOW      |                       |                   | postgresql: Command injection via                            |
|                     |                     |          |                       |                   | "COPY TO/FROM PROGRAM" function                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9193                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libseccomp2         | CVE-2019-9893       |          | 2.3.3-4               |                   | libseccomp: incorrect generation                             |
|                     |                     |          |                       |                   | of syscall filters in libseccomp                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9893                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libsqlite3-0        | CVE-2019-19603      | HIGH     | 3.27.2-3+deb10u1      |                   | sqlite: mishandles certain SELECT                            |
|                     |                     |          |                       |                   | statements with a nonexistent                                |
|                     |                     |          |                       |                   | VIEW, leading to DoS...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19603                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19645      | MEDIUM   |                       |                   | sqlite: infinite recursion via                               |
|                     |                     |          |                       |                   | certain types of self-referential                            |
|                     |                     |          |                       |                   | views in conjunction with...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19645                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19924      |          |                       |                   | sqlite: incorrect                                            |
|                     |                     |          |                       |                   | sqlite3WindowRewrite() error                                 |
|                     |                     |          |                       |                   | handling leads to mishandling                                |
|                     |                     |          |                       |                   | certain parser-tree rewriting                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19924                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13631      |          |                       |                   | sqlite: Virtual table can be                                 |
|                     |                     |          |                       |                   | renamed into the name of one of...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13631                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19244      | LOW      |                       |                   | sqlite: allows a crash                                       |
|                     |                     |          |                       |                   | if a sub-select uses both                                    |
|                     |                     |          |                       |                   | DISTINCT and window...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19244                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11656      |          |                       |                   | sqlite: use-after-free in the                                |
|                     |                     |          |                       |                   | ALTER TABLE implementation                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11656                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libssh2-1           | CVE-2019-13115      | HIGH     | 1.8.0-2.1             |                   | libssh2: integer overflow in                                 |
|                     |                     |          |                       |                   | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|                     |                     |          |                       |                   | in kex.c leads to out-of-bounds write                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-13115                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-17498      | LOW      |                       |                   | libssh2: integer overflow in                                 |
|                     |                     |          |                       |                   | SSH_MSG_DISCONNECT logic in packet.c                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-17498                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libssl1.1           | CVE-2007-6755       |          | 1.1.1d-0+deb10u4      |                   | Dual_EC_DRBG: weak pseudo                                    |
|                     |                     |          |                       |                   | random number generator                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-0928       |          |                       |                   | openssl: RSA authentication weakness                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1551       |          |                       |                   | openssl: Integer overflow in RSAZ                            |
|                     |                     |          |                       |                   | modular exponentiation on x86_64                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1551                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libstdc++6          | CVE-2018-12886      | HIGH     | 8.3.0-6               |                   | gcc: spilling of stack                                       |
|                     |                     |          |                       |                   | protection address in cfgexpand.c                            |
|                     |                     |          |                       |                   | and function.c leads to...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15847      |          |                       |                   | gcc: POWER9 "DARN" RNG intrinsic                             |
|                     |                     |          |                       |                   | produces repeated output                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libsystemd0         | CVE-2019-3843       |          | 241-7~deb10u5         |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can create SUID/SGID binaries                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-3844       |          |                       |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can get new privileges and                                   |
|                     |                     |          |                       |                   | create SGID binaries...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4392       | LOW      |                       |                   | systemd: TOCTOU race condition                               |
|                     |                     |          |                       |                   | when updating file permissions                               |
|                     |                     |          |                       |                   | and SELinux security contexts...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20386      |          |                       |                   | systemd: memory leak in button_open()                        |
|                     |                     |          |                       |                   | in login/logind-button.c when                                |
|                     |                     |          |                       |                   | udev events are received...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13776      |          |                       |                   | systemd: mishandles numerical                                |
|                     |                     |          |                       |                   | usernames beginning with decimal                             |
|                     |                     |          |                       |                   | digits or 0x followed by...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| libtasn1-6          | CVE-2018-1000654    |          | 4.13-3                |                   | libtasn1: Infinite loop in                                   |
|                     |                     |          |                       |                   | _asn1_expand_object_id(ptree)                                |
|                     |                     |          |                       |                   | leads to memory exhaustion                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-1000654                      |
+---------------------+                     +          +                       +-------------------+                                                              +
| libtasn1-6-dev      |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
|                     |                     |          |                       |                   |                                                              |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libudev1            | CVE-2019-3843       | HIGH     | 241-7~deb10u5         |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can create SUID/SGID binaries                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-3844       |          |                       |                   | systemd: services with DynamicUser                           |
|                     |                     |          |                       |                   | can get new privileges and                                   |
|                     |                     |          |                       |                   | create SGID binaries...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4392       | LOW      |                       |                   | systemd: TOCTOU race condition                               |
|                     |                     |          |                       |                   | when updating file permissions                               |
|                     |                     |          |                       |                   | and SELinux security contexts...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20386      |          |                       |                   | systemd: memory leak in button_open()                        |
|                     |                     |          |                       |                   | in login/logind-button.c when                                |
|                     |                     |          |                       |                   | udev events are received...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13776      |          |                       |                   | systemd: mishandles numerical                                |
|                     |                     |          |                       |                   | usernames beginning with decimal                             |
|                     |                     |          |                       |                   | digits or 0x followed by...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| libunbound8         | CVE-2020-28935      | MEDIUM   | 1.9.0-2+deb10u2       |                   | unbound: symbolic link                                       |
|                     |                     |          |                       |                   | traversal when writing PID file                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-28935                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-18934      | LOW      |                       |                   | unbound: command injection with                              |
|                     |                     |          |                       |                   | data coming from a specially                                 |
|                     |                     |          |                       |                   | crafted IPSECKEY answer...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-18934                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| linux-libc-dev      | CVE-2013-7445       | HIGH     | 4.19.160-2            |                   | kernel: memory exhaustion via                                |
|                     |                     |          |                       |                   | crafted Graphics Execution                                   |
|                     |                     |          |                       |                   | Manager (GEM) objects                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-7445                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19378      |          |                       |                   | kernel: out-of-bounds write in                               |
|                     |                     |          |                       |                   | index_rbio_pages in fs/btrfs/raid56.c                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19378                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19449      |          |                       |                   | kernel: mounting a crafted                                   |
|                     |                     |          |                       |                   | f2fs filesystem image can lead                               |
|                     |                     |          |                       |                   | to slab-out-of-bounds read...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19449                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19814      |          |                       |                   | kernel: out-of-bounds write                                  |
|                     |                     |          |                       |                   | in __remove_dirty_segment                                    |
|                     |                     |          |                       |                   | in fs/f2fs/segment.c                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19814                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11725      |          |                       |                   | kernel: improper handling of                                 |
|                     |                     |          |                       |                   | private_size*count multiplication                            |
|                     |                     |          |                       |                   | due to count=info->owner typo                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11725                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-16119      |          |                       |                   | kernel: DCCP CCID structure                                  |
|                     |                     |          |                       |                   | use-after-free may lead to                                   |
|                     |                     |          |                       |                   | DoS or code execution...                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-16119                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27815      |          |                       | 4.19.171-2        | kernel: Array index out of                                   |
|                     |                     |          |                       |                   | bounds access when setting                                   |
|                     |                     |          |                       |                   | extended attributes on...                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27815                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-28374      |          |                       |                   | kernel: SCSI target (LIO) write                              |
|                     |                     |          |                       |                   | to any block on ILO backstore                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-28374                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29374      |          |                       |                   | kernel: the get_user_pages                                   |
|                     |                     |          |                       |                   | implementation when used for a                               |
|                     |                     |          |                       |                   | copy-on-write page does not...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29374                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29569      |          |                       | 4.19.171-2        | ELSA-2021-9025:  Unbreakable                                 |
|                     |                     |          |                       |                   | Enterprise kernel-container                                  |
|                     |                     |          |                       |                   | security update (IMPORTANT)                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29569                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29661      |          |                       |                   | kernel: locking issue in                                     |
|                     |                     |          |                       |                   | drivers/tty/tty_jobctrl.c                                    |
|                     |                     |          |                       |                   | can lead to an use-after-free                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29661                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2021-3347       |          |                       |                   | kernel: Use after free                                       |
|                     |                     |          |                       |                   | via PI futex state                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3347                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-0630       | MEDIUM   |                       |                   | kernel: Information                                          |
|                     |                     |          |                       |                   | disclosure vulnerability                                     |
|                     |                     |          |                       |                   | in kernel trace subsystem                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-0630                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-3693       |          |                       |                   | Kernel: speculative                                          |
|                     |                     |          |                       |                   | bounds check bypass store                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-3693                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15213      |          |                       |                   | kernel: use-after-free caused                                |
|                     |                     |          |                       |                   | by malicious USB device in                                   |
|                     |                     |          |                       |                   | drivers/media/usb/dvb-usb/dvb-usb-init.c                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15213                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-15794      |          |                       |                   | kernel: Overlayfs in the                                     |
|                     |                     |          |                       |                   | Linux kernel and shiftfs                                     |
|                     |                     |          |                       |                   | not restoring original...                                    |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-15794                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16089      |          |                       |                   | kernel: Improper return check                                |
|                     |                     |          |                       |                   | in nbd_genl_status function                                  |
|                     |                     |          |                       |                   | in drivers/block/nbd.c                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16089                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-20794      |          |                       |                   | kernel: task processes not                                   |
|                     |                     |          |                       |                   | being properly ended could                                   |
|                     |                     |          |                       |                   | lead to resource exhaustion...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-20794                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-14304      |          |                       |                   | kernel: ethtool when reading                                 |
|                     |                     |          |                       |                   | eeprom of device could                                       |
|                     |                     |          |                       |                   | lead to memory leak...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-14304                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-15802      |          |                       |                   | hardware: BLURtooth: "Dual                                   |
|                     |                     |          |                       |                   | mode" hardware using CTKD are                                |
|                     |                     |          |                       |                   | vulnerable to key overwrite...                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-15802                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-16120      |          |                       |                   | kernel: incorrect unprivileged                               |
|                     |                     |          |                       |                   | overlayfs permission checking may                            |
|                     |                     |          |                       |                   | lead to information disclosure                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-16120                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-26541      |          |                       |                   | kernel: security bypass                                      |
|                     |                     |          |                       |                   | in certs/blacklist.c and                                     |
|                     |                     |          |                       |                   | certs/system_keyring.c                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-26541                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27820      |          |                       |                   | kernel: use-after-free                                       |
|                     |                     |          |                       |                   | in nouveau kernel module                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27820                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27825      |          |                       | 4.19.171-2        | kernel: use-after-free                                       |
|                     |                     |          |                       |                   | in the ftrace ring buffer                                    |
|                     |                     |          |                       |                   | resizing logic due to a...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27825                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-27830      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in in spk_ttyio_receive_buf2                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27830                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-27835      |          |                       |                   | kernel: child process is able to                             |
|                     |                     |          |                       |                   | access parent mm through hfi dev...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-27835                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-29568      |          |                       | 4.19.171-2        | ELSA-2021-9025:  Unbreakable                                 |
|                     |                     |          |                       |                   | Enterprise kernel-container                                  |
|                     |                     |          |                       |                   | security update (IMPORTANT)                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29568                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-29660      |          |                       |                   | kernel: locking inconsistency                                |
|                     |                     |          |                       |                   | in drivers/tty/tty_io.c and                                  |
|                     |                     |          |                       |                   | drivers/tty/tty_jobctrl.c can                                |
|                     |                     |          |                       |                   | lead to a read-after-free...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-29660                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2020-36158      |          |                       |                   | kernel: buffer overflow in                                   |
|                     |                     |          |                       |                   | mwifiex_cmd_802_11_ad_hoc_start function in                  |
|                     |                     |          |                       |                   | drivers/net/wireless/marvell/mwifiex/join.c                  |
|                     |                     |          |                       |                   | via a long SSID...                                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-36158                        |
+                     +---------------------+          +                       +                   +--------------------------------------------------------------+
|                     | CVE-2021-20177      |          |                       |                   | kernel: iptables string match                                |
|                     |                     |          |                       |                   | rule could result in kernel panic                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-20177                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3348       |          |                       |                   | kernel: Use-after-free                                       |
|                     |                     |          |                       |                   | in ndb_queue_rq() in                                         |
|                     |                     |          |                       |                   | drivers/block/nbd.c                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3348                         |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2004-0230       | LOW      |                       |                   | TCP, when using a large Window                               |
|                     |                     |          |                       |                   | Size, makes it easier for remote...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2004-0230                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2005-3660       |          |                       |                   | Linux kernel 2.4 and 2.6 allows                              |
|                     |                     |          |                       |                   | attackers to cause a denial of...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2005-3660                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2007-3719       |          |                       |                   | kernel: secretly Monopolizing the                            |
|                     |                     |          |                       |                   | CPU Without Superuser Privileges                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-3719                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2008-2544       |          |                       |                   | kernel: mounting proc                                        |
|                     |                     |          |                       |                   | readonly on a different mount                                |
|                     |                     |          |                       |                   | point silently mounts it...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2008-2544                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2008-4609       |          |                       |                   | kernel: TCP protocol                                         |
|                     |                     |          |                       |                   | vulnerabilities from Outpost24                               |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2008-4609                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-4563       |          |                       |                   | kernel: ipv6: sniffer detection                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-4563                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-5321       |          |                       |                   | kernel: v4l: videobuf: hotfix a                              |
|                     |                     |          |                       |                   | bug on multiple calls to mmap()                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-5321                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-4915       |          |                       |                   | fs/proc/base.c in the Linux                                  |
|                     |                     |          |                       |                   | kernel through 3.1 allows                                    |
|                     |                     |          |                       |                   | local users to obtain...                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4915                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2011-4917       |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4917                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2012-4542       |          |                       |                   | kernel: block: default SCSI                                  |
|                     |                     |          |                       |                   | command filter does not accomodate                           |
|                     |                     |          |                       |                   | commands overlap across...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2012-4542                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2014-9892       |          |                       |                   | The snd_compr_tstamp function in                             |
|                     |                     |          |                       |                   | sound/core/compress_offload.c in                             |
|                     |                     |          |                       |                   | the Linux kernel through 4.7, as...                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2014-9892                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2014-9900       |          |                       |                   | kernel: Info leak in uninitialized                           |
|                     |                     |          |                       |                   | structure ethtool_wolinfo                                    |
|                     |                     |          |                       |                   | in ethtool_get_wol()                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2014-9900                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2015-2877       |          |                       |                   | Kernel: Cross-VM ASL                                         |
|                     |                     |          |                       |                   | INtrospection (CAIN)                                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2015-2877                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-10723      |          |                       |                   | ** DISPUTED ** An issue                                      |
|                     |                     |          |                       |                   | was discovered in the                                        |
|                     |                     |          |                       |                   | Linux kernel through...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-10723                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2016-8660       |          |                       |                   | kernel: xfs: local DoS due to                                |
|                     |                     |          |                       |                   | a page lock order bug in...                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2016-8660                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-13693      |          |                       |                   | kernel: ACPI operand                                         |
|                     |                     |          |                       |                   | cache leak in dsutils.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-13693                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2017-13694      |          |                       |                   | kernel: ACPI node and                                        |
|                     |                     |          |                       |                   | node_ext cache leak                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2017-13694                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-1121       |          |                       |                   | procps-ng, procps: process                                   |
|                     |                     |          |                       |                   | hiding through race                                          |
|                     |                     |          |                       |                   | condition enumerating /proc                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-1121                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-12928      |          |                       |                   | kernel: NULL pointer dereference                             |
|                     |                     |          |                       |                   | in hfs_ext_read_extent in hfs.ko                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-12928                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-17977      |          |                       |                   | kernel: Mishandled interactions among                        |
|                     |                     |          |                       |                   | XFRM Netlink messages, IPPROTO_AH                            |
|                     |                     |          |                       |                   | packets, and IPPROTO_IP packets...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-17977                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-11191      |          |                       |                   | kernel: race condition in                                    |
|                     |                     |          |                       |                   | load_aout_binary() allows local                              |
|                     |                     |          |                       |                   | users to bypass ASLR on...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-11191                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12378      |          |                       |                   | kernel: unchecked kmalloc                                    |
|                     |                     |          |                       |                   | of new_ra in ip6_ra_control                                  |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12378                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12379      |          |                       |                   | kernel:  memory leak in                                      |
|                     |                     |          |                       |                   | con_insert_unipair in                                        |
|                     |                     |          |                       |                   | drivers/tty/vt/consolemap.c                                  |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12379                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12380      |          |                       |                   | kernel: memory allocation                                    |
|                     |                     |          |                       |                   | failure in the efi subsystem                                 |
|                     |                     |          |                       |                   | leads to denial of...                                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12380                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12381      |          |                       |                   | kernel: unchecked kmalloc                                    |
|                     |                     |          |                       |                   | of new_ra in ip_ra_control                                   |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12381                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12382      |          |                       |                   | kernel: unchecked kstrdup of                                 |
|                     |                     |          |                       |                   | fwstr in drm_load_edid_firmware                              |
|                     |                     |          |                       |                   | leads to denial of service...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12382                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12455      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in sunxi_divs_clk_setup in                                   |
|                     |                     |          |                       |                   | drivers/clk/sunxi/clk-sunxi.c                                |
|                     |                     |          |                       |                   | causing denial of service...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12455                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12456      |          |                       |                   | kernel: double fetch in the                                  |
|                     |                     |          |                       |                   | MPT3COMMAND case in _ctl_ioctl_main                          |
|                     |                     |          |                       |                   | in drivers/scsi/mpt3sas/mpt3sas_ctl.c                        |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12456                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-12615      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in get_vdev_port_node_info                                   |
|                     |                     |          |                       |                   | in arch /sparc/kernel/mdesc.c                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-12615                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16229      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16229                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16230      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/gpu/drm/radeon/radeon_display.c                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16230                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16231      |          |                       |                   | kernel: null-pointer dereference                             |
|                     |                     |          |                       |                   | in drivers/net/fjes/fjes_main.c                              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16231                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16232      |          |                       |                   | kernel: null-pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/net/wireless/marvell/libertas/if_sdio.c              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16232                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16233      |          |                       |                   | kernel: null pointer dereference                             |
|                     |                     |          |                       |                   | in drivers/scsi/qla2xxx/qla_os.c                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16233                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-16234      |          |                       |                   | kernel: null pointer dereference in                          |
|                     |                     |          |                       |                   | drivers/net/wireless/intel/iwlwifi/pcie/trans.c              |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-16234                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19064      |          |                       |                   | kernel: A memory leak in the                                 |
|                     |                     |          |                       |                   | fsl_lpspi_probe() function in                                |
|                     |                     |          |                       |                   | drivers/spi/spi-fsl-lpspi.c                                  |
|                     |                     |          |                       |                   | allows for...                                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19064                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19070      |          |                       |                   | kernel: A memory leak in the                                 |
|                     |                     |          |                       |                   | spi_gpio_probe() function in                                 |
|                     |                     |          |                       |                   | drivers/spi/spi-gpio.c allows for...                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19070                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19083      |          |                       |                   | kernel: memory leaks in                                      |
|                     |                     |          |                       |                   | *clock_source_create() functions                             |
|                     |                     |          |                       |                   | under drivers/gpu/drm/amd/display/dc                         |
|                     |                     |          |                       |                   | leads to DoS                                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19083                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-3178       |          |                       | 4.19.171-1        | kernel: path traversal in                                    |
|                     |                     |          |                       |                   | fs/nfsd/nfs3xdr.c may lead to                                |
|                     |                     |          |                       |                   | Information Disclosure or RCE...                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-3178                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0000000-F7A20F |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0000000-F7A20F   |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25670      | UNKNOWN  |                       |                   | kernel: refcount leak                                        |
|                     |                     |          |                       |                   | in llcp_sock_bind()                                          |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25670                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25671      |          |                       |                   | kernel: refcount leak                                        |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25671                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25672      |          |                       |                   | kernel: memory leak                                          |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25672                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-25673      |          |                       |                   | kernel: non-blocking socket                                  |
|                     |                     |          |                       |                   | in llcp_sock_connect()                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-25673                        |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| login               | CVE-2007-5686       | LOW      | 1:4.5-1.1             |                   | initscripts in rPath Linux 1                                 |
|                     |                     |          |                       |                   | sets insecure permissions for                                |
|                     |                     |          |                       |                   | the /var/log/btmp file,...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4235       |          |                       |                   | shadow-utils: TOCTOU race                                    |
|                     |                     |          |                       |                   | conditions by copying and                                    |
|                     |                     |          |                       |                   | removing directory trees                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-7169       |          |                       |                   | shadow-utils: newgidmap                                      |
|                     |                     |          |                       |                   | allows unprivileged user to                                  |
|                     |                     |          |                       |                   | drop supplementary groups                                    |
|                     |                     |          |                       |                   | potentially allowing privilege...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19882      |          |                       |                   | shadow-utils: local users can                                |
|                     |                     |          |                       |                   | obtain root access because setuid                            |
|                     |                     |          |                       |                   | programs are misconfigured...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0628843-DBAD28 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| openssl             | CVE-2007-6755       |          | 1.1.1d-0+deb10u4      |                   | Dual_EC_DRBG: weak pseudo                                    |
|                     |                     |          |                       |                   | random number generator                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2010-0928       |          |                       |                   | openssl: RSA authentication weakness                         |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-1551       |          |                       |                   | openssl: Integer overflow in RSAZ                            |
|                     |                     |          |                       |                   | modular exponentiation on x86_64                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-1551                         |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| passwd              | CVE-2007-5686       |          | 1:4.5-1.1             |                   | initscripts in rPath Linux 1                                 |
|                     |                     |          |                       |                   | sets insecure permissions for                                |
|                     |                     |          |                       |                   | the /var/log/btmp file,...                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2013-4235       |          |                       |                   | shadow-utils: TOCTOU race                                    |
|                     |                     |          |                       |                   | conditions by copying and                                    |
|                     |                     |          |                       |                   | removing directory trees                                     |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2018-7169       |          |                       |                   | shadow-utils: newgidmap                                      |
|                     |                     |          |                       |                   | allows unprivileged user to                                  |
|                     |                     |          |                       |                   | drop supplementary groups                                    |
|                     |                     |          |                       |                   | potentially allowing privilege...                            |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19882      |          |                       |                   | shadow-utils: local users can                                |
|                     |                     |          |                       |                   | obtain root access because setuid                            |
|                     |                     |          |                       |                   | programs are misconfigured...                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0628843-DBAD28 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| perl-base           | CVE-2011-4116       |          | 5.28.1-6+deb10u1      |                   | perl: File::Temp insecure                                    |
|                     |                     |          |                       |                   | temporary file handling                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2011-4116                         |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+
| sqlite3             | CVE-2019-19603      | HIGH     | 3.27.2-3+deb10u1      |                   | sqlite: mishandles certain SELECT                            |
|                     |                     |          |                       |                   | statements with a nonexistent                                |
|                     |                     |          |                       |                   | VIEW, leading to DoS...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19603                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19645      | MEDIUM   |                       |                   | sqlite: infinite recursion via                               |
|                     |                     |          |                       |                   | certain types of self-referential                            |
|                     |                     |          |                       |                   | views in conjunction with...                                 |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19645                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19924      |          |                       |                   | sqlite: incorrect                                            |
|                     |                     |          |                       |                   | sqlite3WindowRewrite() error                                 |
|                     |                     |          |                       |                   | handling leads to mishandling                                |
|                     |                     |          |                       |                   | certain parser-tree rewriting                                |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19924                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-13631      |          |                       |                   | sqlite: Virtual table can be                                 |
|                     |                     |          |                       |                   | renamed into the name of one of...                           |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-13631                        |
+                     +---------------------+----------+                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-19244      | LOW      |                       |                   | sqlite: allows a crash                                       |
|                     |                     |          |                       |                   | if a sub-select uses both                                    |
|                     |                     |          |                       |                   | DISTINCT and window...                                       |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-19244                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2020-11656      |          |                       |                   | sqlite: use-after-free in the                                |
|                     |                     |          |                       |                   | ALTER TABLE implementation                                   |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2020-11656                        |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| sysvinit-utils      | TEMP-0517018-A83CE6 |          | 2.93-8                |                   | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6   |
+---------------------+---------------------+          +-----------------------+-------------------+--------------------------------------------------------------+
| tar                 | CVE-2005-2541       |          | 1.30+dfsg-6           |                   | Tar 1.15.1 does not                                          |
|                     |                     |          |                       |                   | properly warn the user when                                  |
|                     |                     |          |                       |                   | extracting setuid or...                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2005-2541                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2019-9923       |          |                       |                   | tar: null-pointer dereference                                |
|                     |                     |          |                       |                   | in pax_decode_header in sparse.c                             |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2019-9923                         |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | CVE-2021-20193      |          |                       |                   | tar: Memory leak in                                          |
|                     |                     |          |                       |                   | read_header() in list.c                                      |
|                     |                     |          |                       |                   | -->avd.aquasec.com/nvd/cve-2021-20193                        |
+                     +---------------------+          +                       +-------------------+--------------------------------------------------------------+
|                     | TEMP-0290435-0B57B5 |          |                       |                   | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5   |
+---------------------+---------------------+----------+-----------------------+-------------------+--------------------------------------------------------------+

jjlin · 2021-02-02T18:56:47Z

jjlin
Feb 2, 2021

This doesn't seem particularly valuable. Each bitwarden_rs image build generally uses the latest base image available and installs the latest packages available at that time, so that's pretty much the best that can be done, short of rebuilding the images on each base image update. This tool also has a ton of false positives...

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerabilities scan with Trivy #1350

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Vulnerabilities scan with Trivy #1350

thelittlefireman Feb 2, 2021

Replies: 1 comment

jjlin Feb 2, 2021

thelittlefireman
Feb 2, 2021

jjlin
Feb 2, 2021