dangeroustech/zerotierbridge
1
0
Fork 0
mirror of https://github.com/dangeroustech/ZeroTierBridge.git synced 2025-12-06 09:06:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9908f656e7efc0ebe8e5d4bab9b000cee0ff0da1
zerotierbridge/results.sarif
Conventional Changelog Action 09370a89a7 chore 🤖: Release v1.0.10 [skip ci] [skip ci]
2023-09-22 20:46:03 +00:00

6883 lines
362 KiB
JSON
Raw Blame History

{
"version": "2.1.0",
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
"runs": [
{
"tool": {
"driver": {
"name": "Grype",
"version": "0.63.0",
"informationUri": "https://github.com/anchore/grype",
"rules": [
{
"id": "CVE-2005-2541-tar",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2005-2541 low vulnerability for tar package"
},
"fullDescription": {
"text": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2005-2541\nSeverity: low\nPackage: tar\nVersion: 1.30+dfsg-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2005-2541](https://security-tracker.debian.org/tracker/CVE-2005-2541)",
"markdown": "**Vulnerability CVE-2005-2541**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | tar | 1.30+dfsg-6 | | deb | | debian:distro:debian:10 | [CVE-2005-2541](https://security-tracker.debian.org/tracker/CVE-2005-2541) |\n"
},
"properties": {
"security-severity": "10.0"
}
},
{
"id": "CVE-2007-5686-login",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2007-5686 low vulnerability for login package"
},
"fullDescription": {
"text": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2007-5686\nSeverity: low\nPackage: login\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2007-5686](https://security-tracker.debian.org/tracker/CVE-2007-5686)",
"markdown": "**Vulnerability CVE-2007-5686**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | login | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2007-5686](https://security-tracker.debian.org/tracker/CVE-2007-5686) |\n"
},
"properties": {
"security-severity": "4.9"
}
},
{
"id": "CVE-2007-5686-passwd",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2007-5686 low vulnerability for passwd package"
},
"fullDescription": {
"text": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2007-5686\nSeverity: low\nPackage: passwd\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2007-5686](https://security-tracker.debian.org/tracker/CVE-2007-5686)",
"markdown": "**Vulnerability CVE-2007-5686**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | passwd | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2007-5686](https://security-tracker.debian.org/tracker/CVE-2007-5686) |\n"
},
"properties": {
"security-severity": "4.9"
}
},
{
"id": "CVE-2007-6755-libssl1.1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2007-6755 low vulnerability for libssl1.1 package"
},
"fullDescription": {
"text": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2007-6755\nSeverity: low\nPackage: libssl1.1\nVersion: 1.1.1n-0+deb10u6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2007-6755](https://security-tracker.debian.org/tracker/CVE-2007-6755)",
"markdown": "**Vulnerability CVE-2007-6755**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libssl1.1 | 1.1.1n-0+deb10u6 | | deb | | debian:distro:debian:10 | [CVE-2007-6755](https://security-tracker.debian.org/tracker/CVE-2007-6755) |\n"
},
"properties": {
"security-severity": "5.8"
}
},
{
"id": "CVE-2007-6755-openssl",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2007-6755 low vulnerability for openssl package"
},
"fullDescription": {
"text": "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2007-6755\nSeverity: low\nPackage: openssl\nVersion: 1.1.1n-0+deb10u6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2007-6755](https://security-tracker.debian.org/tracker/CVE-2007-6755)",
"markdown": "**Vulnerability CVE-2007-6755**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | openssl | 1.1.1n-0+deb10u6 | | deb | | debian:distro:debian:10 | [CVE-2007-6755](https://security-tracker.debian.org/tracker/CVE-2007-6755) |\n"
},
"properties": {
"security-severity": "5.8"
}
},
{
"id": "CVE-2010-0928-libssl1.1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2010-0928 low vulnerability for libssl1.1 package"
},
"fullDescription": {
"text": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2010-0928\nSeverity: low\nPackage: libssl1.1\nVersion: 1.1.1n-0+deb10u6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2010-0928](https://security-tracker.debian.org/tracker/CVE-2010-0928)",
"markdown": "**Vulnerability CVE-2010-0928**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libssl1.1 | 1.1.1n-0+deb10u6 | | deb | | debian:distro:debian:10 | [CVE-2010-0928](https://security-tracker.debian.org/tracker/CVE-2010-0928) |\n"
},
"properties": {
"security-severity": "4.0"
}
},
{
"id": "CVE-2010-0928-openssl",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2010-0928 low vulnerability for openssl package"
},
"fullDescription": {
"text": "OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it easier for physically proximate attackers to determine the private key via a modified supply voltage for the microprocessor, related to a \"fault-based attack.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2010-0928\nSeverity: low\nPackage: openssl\nVersion: 1.1.1n-0+deb10u6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2010-0928](https://security-tracker.debian.org/tracker/CVE-2010-0928)",
"markdown": "**Vulnerability CVE-2010-0928**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | openssl | 1.1.1n-0+deb10u6 | | deb | | debian:distro:debian:10 | [CVE-2010-0928](https://security-tracker.debian.org/tracker/CVE-2010-0928) |\n"
},
"properties": {
"security-severity": "4.0"
}
},
{
"id": "CVE-2010-4756-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2010-4756 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2010-4756\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2010-4756](https://security-tracker.debian.org/tracker/CVE-2010-4756)",
"markdown": "**Vulnerability CVE-2010-4756**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2010-4756](https://security-tracker.debian.org/tracker/CVE-2010-4756) |\n"
},
"properties": {
"security-severity": "4.0"
}
},
{
"id": "CVE-2010-4756-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2010-4756 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2010-4756\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2010-4756](https://security-tracker.debian.org/tracker/CVE-2010-4756)",
"markdown": "**Vulnerability CVE-2010-4756**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2010-4756](https://security-tracker.debian.org/tracker/CVE-2010-4756) |\n"
},
"properties": {
"security-severity": "4.0"
}
},
{
"id": "CVE-2011-3374-apt",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2011-3374 low vulnerability for apt package"
},
"fullDescription": {
"text": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2011-3374\nSeverity: low\nPackage: apt\nVersion: 1.8.2.3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2011-3374](https://security-tracker.debian.org/tracker/CVE-2011-3374)",
"markdown": "**Vulnerability CVE-2011-3374**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | apt | 1.8.2.3 | | deb | | debian:distro:debian:10 | [CVE-2011-3374](https://security-tracker.debian.org/tracker/CVE-2011-3374) |\n"
},
"properties": {
"security-severity": "4.3"
}
},
{
"id": "CVE-2011-3374-libapt-pkg5.0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2011-3374 low vulnerability for libapt-pkg5.0 package"
},
"fullDescription": {
"text": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2011-3374\nSeverity: low\nPackage: libapt-pkg5.0\nVersion: 1.8.2.3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2011-3374](https://security-tracker.debian.org/tracker/CVE-2011-3374)",
"markdown": "**Vulnerability CVE-2011-3374**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libapt-pkg5.0 | 1.8.2.3 | | deb | | debian:distro:debian:10 | [CVE-2011-3374](https://security-tracker.debian.org/tracker/CVE-2011-3374) |\n"
},
"properties": {
"security-severity": "4.3"
}
},
{
"id": "CVE-2011-3389-libgnutls30",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2011-3389 low vulnerability for libgnutls30 package"
},
"fullDescription": {
"text": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2011-3389\nSeverity: low\nPackage: libgnutls30\nVersion: 3.6.7-4+deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389)",
"markdown": "**Vulnerability CVE-2011-3389**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgnutls30 | 3.6.7-4+deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2011-3389](https://security-tracker.debian.org/tracker/CVE-2011-3389) |\n"
},
"properties": {
"security-severity": "4.3"
}
},
{
"id": "CVE-2011-4116-perl-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2011-4116 low vulnerability for perl-base package"
},
"fullDescription": {
"text": "_is_safe in the File::Temp module for Perl does not properly handle symlinks."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2011-4116\nSeverity: low\nPackage: perl-base\nVersion: 5.28.1-6+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2011-4116](https://security-tracker.debian.org/tracker/CVE-2011-4116)",
"markdown": "**Vulnerability CVE-2011-4116**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | perl-base | 5.28.1-6+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2011-4116](https://security-tracker.debian.org/tracker/CVE-2011-4116) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2012-2663-iptables",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2012-2663 low vulnerability for iptables package"
},
"fullDescription": {
"text": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2012-2663\nSeverity: low\nPackage: iptables\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663)",
"markdown": "**Vulnerability CVE-2012-2663**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | iptables | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2012-2663-libip4tc0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2012-2663 low vulnerability for libip4tc0 package"
},
"fullDescription": {
"text": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2012-2663\nSeverity: low\nPackage: libip4tc0\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663)",
"markdown": "**Vulnerability CVE-2012-2663**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libip4tc0 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2012-2663-libip6tc0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2012-2663 low vulnerability for libip6tc0 package"
},
"fullDescription": {
"text": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2012-2663\nSeverity: low\nPackage: libip6tc0\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663)",
"markdown": "**Vulnerability CVE-2012-2663**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libip6tc0 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2012-2663-libiptc0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2012-2663 low vulnerability for libiptc0 package"
},
"fullDescription": {
"text": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2012-2663\nSeverity: low\nPackage: libiptc0\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663)",
"markdown": "**Vulnerability CVE-2012-2663**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libiptc0 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2012-2663-libxtables12",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2012-2663 low vulnerability for libxtables12 package"
},
"fullDescription": {
"text": "extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2012-2663\nSeverity: low\nPackage: libxtables12\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663)",
"markdown": "**Vulnerability CVE-2012-2663**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libxtables12 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2012-2663](https://security-tracker.debian.org/tracker/CVE-2012-2663) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2013-4235-login",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2013-4235 low vulnerability for login package"
},
"fullDescription": {
"text": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2013-4235\nSeverity: low\nPackage: login\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2013-4235](https://security-tracker.debian.org/tracker/CVE-2013-4235)",
"markdown": "**Vulnerability CVE-2013-4235**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | login | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2013-4235](https://security-tracker.debian.org/tracker/CVE-2013-4235) |\n"
},
"properties": {
"security-severity": "4.7"
}
},
{
"id": "CVE-2013-4235-passwd",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2013-4235 low vulnerability for passwd package"
},
"fullDescription": {
"text": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2013-4235\nSeverity: low\nPackage: passwd\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2013-4235](https://security-tracker.debian.org/tracker/CVE-2013-4235)",
"markdown": "**Vulnerability CVE-2013-4235**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | passwd | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2013-4235](https://security-tracker.debian.org/tracker/CVE-2013-4235) |\n"
},
"properties": {
"security-severity": "4.7"
}
},
{
"id": "CVE-2013-4392-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2013-4392 low vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2013-4392\nSeverity: low\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2013-4392](https://security-tracker.debian.org/tracker/CVE-2013-4392)",
"markdown": "**Vulnerability CVE-2013-4392**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2013-4392](https://security-tracker.debian.org/tracker/CVE-2013-4392) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2013-4392-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2013-4392 low vulnerability for libudev1 package"
},
"fullDescription": {
"text": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2013-4392\nSeverity: low\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2013-4392](https://security-tracker.debian.org/tracker/CVE-2013-4392)",
"markdown": "**Vulnerability CVE-2013-4392**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2013-4392](https://security-tracker.debian.org/tracker/CVE-2013-4392) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2016-2781-coreutils",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2016-2781 low vulnerability for coreutils package"
},
"fullDescription": {
"text": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2016-2781\nSeverity: low\nPackage: coreutils\nVersion: 8.30-3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2016-2781](https://security-tracker.debian.org/tracker/CVE-2016-2781)",
"markdown": "**Vulnerability CVE-2016-2781**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | coreutils | 8.30-3 | | deb | | debian:distro:debian:10 | [CVE-2016-2781](https://security-tracker.debian.org/tracker/CVE-2016-2781) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2017-11164-libpcre3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2017-11164 low vulnerability for libpcre3 package"
},
"fullDescription": {
"text": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2017-11164\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2017-11164](https://security-tracker.debian.org/tracker/CVE-2017-11164)",
"markdown": "**Vulnerability CVE-2017-11164**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12 | | deb | | debian:distro:debian:10 | [CVE-2017-11164](https://security-tracker.debian.org/tracker/CVE-2017-11164) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2017-16231-libpcre3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2017-16231 low vulnerability for libpcre3 package"
},
"fullDescription": {
"text": "** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2017-16231\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2017-16231](https://security-tracker.debian.org/tracker/CVE-2017-16231)",
"markdown": "**Vulnerability CVE-2017-16231**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12 | | deb | | debian:distro:debian:10 | [CVE-2017-16231](https://security-tracker.debian.org/tracker/CVE-2017-16231) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2017-18018-coreutils",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2017-18018 low vulnerability for coreutils package"
},
"fullDescription": {
"text": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2017-18018\nSeverity: low\nPackage: coreutils\nVersion: 8.30-3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2017-18018](https://security-tracker.debian.org/tracker/CVE-2017-18018)",
"markdown": "**Vulnerability CVE-2017-18018**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | coreutils | 8.30-3 | | deb | | debian:distro:debian:10 | [CVE-2017-18018](https://security-tracker.debian.org/tracker/CVE-2017-18018) |\n"
},
"properties": {
"security-severity": "4.7"
}
},
{
"id": "CVE-2017-7245-libpcre3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2017-7245 low vulnerability for libpcre3 package"
},
"fullDescription": {
"text": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2017-7245\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2017-7245](https://security-tracker.debian.org/tracker/CVE-2017-7245)",
"markdown": "**Vulnerability CVE-2017-7245**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12 | | deb | | debian:distro:debian:10 | [CVE-2017-7245](https://security-tracker.debian.org/tracker/CVE-2017-7245) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2017-7246-libpcre3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2017-7246 low vulnerability for libpcre3 package"
},
"fullDescription": {
"text": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2017-7246\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2017-7246](https://security-tracker.debian.org/tracker/CVE-2017-7246)",
"markdown": "**Vulnerability CVE-2017-7246**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12 | | deb | | debian:distro:debian:10 | [CVE-2017-7246](https://security-tracker.debian.org/tracker/CVE-2017-7246) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2018-1000654-libtasn1-6",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2018-1000654 low vulnerability for libtasn1-6 package"
},
"fullDescription": {
"text": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-1000654\nSeverity: low\nPackage: libtasn1-6\nVersion: 4.13-3+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-1000654](https://security-tracker.debian.org/tracker/CVE-2018-1000654)",
"markdown": "**Vulnerability CVE-2018-1000654**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libtasn1-6 | 4.13-3+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2018-1000654](https://security-tracker.debian.org/tracker/CVE-2018-1000654) |\n"
},
"properties": {
"security-severity": "7.1"
}
},
{
"id": "CVE-2018-12886-gcc-8-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-12886 high vulnerability for gcc-8-base package"
},
"fullDescription": {
"text": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-12886\nSeverity: high\nPackage: gcc-8-base\nVersion: 8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)",
"markdown": "**Vulnerability CVE-2018-12886**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | gcc-8-base | 8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886) |\n"
},
"properties": {
"security-severity": "8.1"
}
},
{
"id": "CVE-2018-12886-libgcc1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-12886 high vulnerability for libgcc1 package"
},
"fullDescription": {
"text": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-12886\nSeverity: high\nPackage: libgcc1\nVersion: 1:8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)",
"markdown": "**Vulnerability CVE-2018-12886**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libgcc1 | 1:8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886) |\n"
},
"properties": {
"security-severity": "8.1"
}
},
{
"id": "CVE-2018-12886-libstdc++6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-12886 high vulnerability for libstdc++6 package"
},
"fullDescription": {
"text": "stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-12886\nSeverity: high\nPackage: libstdc++6\nVersion: 8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886)",
"markdown": "**Vulnerability CVE-2018-12886**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libstdc++6 | 8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2018-12886](https://security-tracker.debian.org/tracker/CVE-2018-12886) |\n"
},
"properties": {
"security-severity": "8.1"
}
},
{
"id": "CVE-2018-20796-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-20796 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-20796\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-20796](https://security-tracker.debian.org/tracker/CVE-2018-20796)",
"markdown": "**Vulnerability CVE-2018-20796**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2018-20796](https://security-tracker.debian.org/tracker/CVE-2018-20796) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2018-20796-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-20796 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-20796\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-20796](https://security-tracker.debian.org/tracker/CVE-2018-20796)",
"markdown": "**Vulnerability CVE-2018-20796**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2018-20796](https://security-tracker.debian.org/tracker/CVE-2018-20796) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2018-6829-libgcrypt20",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2018-6829 low vulnerability for libgcrypt20 package"
},
"fullDescription": {
"text": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-6829\nSeverity: low\nPackage: libgcrypt20\nVersion: 1.8.4-5+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-6829](https://security-tracker.debian.org/tracker/CVE-2018-6829)",
"markdown": "**Vulnerability CVE-2018-6829**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libgcrypt20 | 1.8.4-5+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2018-6829](https://security-tracker.debian.org/tracker/CVE-2018-6829) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2018-7169-login",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-7169 low vulnerability for login package"
},
"fullDescription": {
"text": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-7169\nSeverity: low\nPackage: login\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-7169](https://security-tracker.debian.org/tracker/CVE-2018-7169)",
"markdown": "**Vulnerability CVE-2018-7169**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | login | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2018-7169](https://security-tracker.debian.org/tracker/CVE-2018-7169) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2018-7169-passwd",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2018-7169 low vulnerability for passwd package"
},
"fullDescription": {
"text": "An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used \"group blacklisting\" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2018-7169\nSeverity: low\nPackage: passwd\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2018-7169](https://security-tracker.debian.org/tracker/CVE-2018-7169)",
"markdown": "**Vulnerability CVE-2018-7169**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | passwd | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2018-7169](https://security-tracker.debian.org/tracker/CVE-2018-7169) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2019-1010022-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010022 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010022\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010022](https://security-tracker.debian.org/tracker/CVE-2019-1010022)",
"markdown": "**Vulnerability CVE-2019-1010022**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010022](https://security-tracker.debian.org/tracker/CVE-2019-1010022) |\n"
},
"properties": {
"security-severity": "9.8"
}
},
{
"id": "CVE-2019-1010022-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010022 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010022\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010022](https://security-tracker.debian.org/tracker/CVE-2019-1010022)",
"markdown": "**Vulnerability CVE-2019-1010022**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010022](https://security-tracker.debian.org/tracker/CVE-2019-1010022) |\n"
},
"properties": {
"security-severity": "9.8"
}
},
{
"id": "CVE-2019-1010023-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010023 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010023\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010023](https://security-tracker.debian.org/tracker/CVE-2019-1010023)",
"markdown": "**Vulnerability CVE-2019-1010023**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010023](https://security-tracker.debian.org/tracker/CVE-2019-1010023) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2019-1010023-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010023 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010023\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010023](https://security-tracker.debian.org/tracker/CVE-2019-1010023)",
"markdown": "**Vulnerability CVE-2019-1010023**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010023](https://security-tracker.debian.org/tracker/CVE-2019-1010023) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2019-1010024-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010024 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010024\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010024](https://security-tracker.debian.org/tracker/CVE-2019-1010024)",
"markdown": "**Vulnerability CVE-2019-1010024**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010024](https://security-tracker.debian.org/tracker/CVE-2019-1010024) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2019-1010024-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010024 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010024\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010024](https://security-tracker.debian.org/tracker/CVE-2019-1010024)",
"markdown": "**Vulnerability CVE-2019-1010024**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010024](https://security-tracker.debian.org/tracker/CVE-2019-1010024) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2019-1010025-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010025 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010025\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010025](https://security-tracker.debian.org/tracker/CVE-2019-1010025)",
"markdown": "**Vulnerability CVE-2019-1010025**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010025](https://security-tracker.debian.org/tracker/CVE-2019-1010025) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2019-1010025-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-1010025 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-1010025\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-1010025](https://security-tracker.debian.org/tracker/CVE-2019-1010025)",
"markdown": "**Vulnerability CVE-2019-1010025**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-1010025](https://security-tracker.debian.org/tracker/CVE-2019-1010025) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2019-11360-iptables",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2019-11360 low vulnerability for iptables package"
},
"fullDescription": {
"text": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-11360\nSeverity: low\nPackage: iptables\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360)",
"markdown": "**Vulnerability CVE-2019-11360**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | iptables | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360) |\n"
},
"properties": {
"security-severity": "4.2"
}
},
{
"id": "CVE-2019-11360-libip4tc0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-11360 low vulnerability for libip4tc0 package"
},
"fullDescription": {
"text": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-11360\nSeverity: low\nPackage: libip4tc0\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360)",
"markdown": "**Vulnerability CVE-2019-11360**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libip4tc0 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360) |\n"
},
"properties": {
"security-severity": "4.2"
}
},
{
"id": "CVE-2019-11360-libip6tc0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-11360 low vulnerability for libip6tc0 package"
},
"fullDescription": {
"text": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-11360\nSeverity: low\nPackage: libip6tc0\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360)",
"markdown": "**Vulnerability CVE-2019-11360**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libip6tc0 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360) |\n"
},
"properties": {
"security-severity": "4.2"
}
},
{
"id": "CVE-2019-11360-libiptc0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-11360 low vulnerability for libiptc0 package"
},
"fullDescription": {
"text": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-11360\nSeverity: low\nPackage: libiptc0\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360)",
"markdown": "**Vulnerability CVE-2019-11360**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libiptc0 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360) |\n"
},
"properties": {
"security-severity": "4.2"
}
},
{
"id": "CVE-2019-11360-libxtables12",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-11360 low vulnerability for libxtables12 package"
},
"fullDescription": {
"text": "A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-11360\nSeverity: low\nPackage: libxtables12\nVersion: 1.8.2-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360)",
"markdown": "**Vulnerability CVE-2019-11360**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libxtables12 | 1.8.2-4 | | deb | | debian:distro:debian:10 | [CVE-2019-11360](https://security-tracker.debian.org/tracker/CVE-2019-11360) |\n"
},
"properties": {
"security-severity": "4.2"
}
},
{
"id": "CVE-2019-12290-libidn2-0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-12290 high vulnerability for libidn2-0 package"
},
"fullDescription": {
"text": "GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-12290\nSeverity: high\nPackage: libidn2-0\nVersion: 2.0.5-1+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-12290](https://security-tracker.debian.org/tracker/CVE-2019-12290)",
"markdown": "**Vulnerability CVE-2019-12290**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libidn2-0 | 2.0.5-1+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2019-12290](https://security-tracker.debian.org/tracker/CVE-2019-12290) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-13627-libgcrypt20",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2019-13627 medium vulnerability for libgcrypt20 package"
},
"fullDescription": {
"text": "It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-13627\nSeverity: medium\nPackage: libgcrypt20\nVersion: 1.8.4-5+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-13627](https://security-tracker.debian.org/tracker/CVE-2019-13627)",
"markdown": "**Vulnerability CVE-2019-13627**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgcrypt20 | 1.8.4-5+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2019-13627](https://security-tracker.debian.org/tracker/CVE-2019-13627) |\n"
},
"properties": {
"security-severity": "6.3"
}
},
{
"id": "CVE-2019-14855-gpgv",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-14855 low vulnerability for gpgv package"
},
"fullDescription": {
"text": "A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-14855\nSeverity: low\nPackage: gpgv\nVersion: 2.2.12-1+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-14855](https://security-tracker.debian.org/tracker/CVE-2019-14855)",
"markdown": "**Vulnerability CVE-2019-14855**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | gpgv | 2.2.12-1+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-14855](https://security-tracker.debian.org/tracker/CVE-2019-14855) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-15847-gcc-8-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-15847 high vulnerability for gcc-8-base package"
},
"fullDescription": {
"text": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-15847\nSeverity: high\nPackage: gcc-8-base\nVersion: 8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)",
"markdown": "**Vulnerability CVE-2019-15847**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | gcc-8-base | 8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-15847-libgcc1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-15847 high vulnerability for libgcc1 package"
},
"fullDescription": {
"text": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-15847\nSeverity: high\nPackage: libgcc1\nVersion: 1:8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)",
"markdown": "**Vulnerability CVE-2019-15847**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libgcc1 | 1:8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-15847-libstdc++6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-15847 high vulnerability for libstdc++6 package"
},
"fullDescription": {
"text": "The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-15847\nSeverity: high\nPackage: libstdc++6\nVersion: 8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847)",
"markdown": "**Vulnerability CVE-2019-15847**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libstdc++6 | 8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2019-15847](https://security-tracker.debian.org/tracker/CVE-2019-15847) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-17543-liblz4-1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-17543 low vulnerability for liblz4-1 package"
},
"fullDescription": {
"text": "LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states \"only a few specific / uncommon usages of the API are at risk.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-17543\nSeverity: low\nPackage: liblz4-1\nVersion: 1.8.3-1+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-17543](https://security-tracker.debian.org/tracker/CVE-2019-17543)",
"markdown": "**Vulnerability CVE-2019-17543**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | liblz4-1 | 1.8.3-1+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2019-17543](https://security-tracker.debian.org/tracker/CVE-2019-17543) |\n"
},
"properties": {
"security-severity": "8.1"
}
},
{
"id": "CVE-2019-18276-bash",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2019-18276 low vulnerability for bash package"
},
"fullDescription": {
"text": "An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support \"saved UID\" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use \"enable -f\" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-18276\nSeverity: low\nPackage: bash\nVersion: 5.0-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-18276](https://security-tracker.debian.org/tracker/CVE-2019-18276)",
"markdown": "**Vulnerability CVE-2019-18276**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | bash | 5.0-4 | | deb | | debian:distro:debian:10 | [CVE-2019-18276](https://security-tracker.debian.org/tracker/CVE-2019-18276) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-19882-login",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-19882 low vulnerability for login package"
},
"fullDescription": {
"text": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8)."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-19882\nSeverity: low\nPackage: login\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-19882](https://security-tracker.debian.org/tracker/CVE-2019-19882)",
"markdown": "**Vulnerability CVE-2019-19882**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | login | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2019-19882](https://security-tracker.debian.org/tracker/CVE-2019-19882) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-19882-passwd",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-19882 low vulnerability for passwd package"
},
"fullDescription": {
"text": "shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8)."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-19882\nSeverity: low\nPackage: passwd\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-19882](https://security-tracker.debian.org/tracker/CVE-2019-19882)",
"markdown": "**Vulnerability CVE-2019-19882**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | passwd | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2019-19882](https://security-tracker.debian.org/tracker/CVE-2019-19882) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-20386-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-20386 low vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-20386\nSeverity: low\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-20386](https://security-tracker.debian.org/tracker/CVE-2019-20386)",
"markdown": "**Vulnerability CVE-2019-20386**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2019-20386](https://security-tracker.debian.org/tracker/CVE-2019-20386) |\n"
},
"properties": {
"security-severity": "2.4"
}
},
{
"id": "CVE-2019-20386-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-20386 low vulnerability for libudev1 package"
},
"fullDescription": {
"text": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-20386\nSeverity: low\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-20386](https://security-tracker.debian.org/tracker/CVE-2019-20386)",
"markdown": "**Vulnerability CVE-2019-20386**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2019-20386](https://security-tracker.debian.org/tracker/CVE-2019-20386) |\n"
},
"properties": {
"security-severity": "2.4"
}
},
{
"id": "CVE-2019-20795-iproute2",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2019-20795 medium vulnerability for iproute2 package"
},
"fullDescription": {
"text": "iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-20795\nSeverity: medium\nPackage: iproute2\nVersion: 4.20.0-2+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-20795](https://security-tracker.debian.org/tracker/CVE-2019-20795)",
"markdown": "**Vulnerability CVE-2019-20795**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | iproute2 | 4.20.0-2+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2019-20795](https://security-tracker.debian.org/tracker/CVE-2019-20795) |\n"
},
"properties": {
"security-severity": "4.4"
}
},
{
"id": "CVE-2019-20838-libpcre3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-20838 low vulnerability for libpcre3 package"
},
"fullDescription": {
"text": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-20838\nSeverity: low\nPackage: libpcre3\nVersion: 2:8.39-12\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-20838](https://security-tracker.debian.org/tracker/CVE-2019-20838)",
"markdown": "**Vulnerability CVE-2019-20838**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libpcre3 | 2:8.39-12 | | deb | | debian:distro:debian:10 | [CVE-2019-20838](https://security-tracker.debian.org/tracker/CVE-2019-20838) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-3843-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-3843 high vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-3843\nSeverity: high\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-3843](https://security-tracker.debian.org/tracker/CVE-2019-3843)",
"markdown": "**Vulnerability CVE-2019-3843**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2019-3843](https://security-tracker.debian.org/tracker/CVE-2019-3843) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-3843-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-3843 high vulnerability for libudev1 package"
},
"fullDescription": {
"text": "It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-3843\nSeverity: high\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-3843](https://security-tracker.debian.org/tracker/CVE-2019-3843)",
"markdown": "**Vulnerability CVE-2019-3843**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2019-3843](https://security-tracker.debian.org/tracker/CVE-2019-3843) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-3844-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-3844 high vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-3844\nSeverity: high\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-3844](https://security-tracker.debian.org/tracker/CVE-2019-3844)",
"markdown": "**Vulnerability CVE-2019-3844**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2019-3844](https://security-tracker.debian.org/tracker/CVE-2019-3844) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-3844-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-3844 high vulnerability for libudev1 package"
},
"fullDescription": {
"text": "It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-3844\nSeverity: high\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-3844](https://security-tracker.debian.org/tracker/CVE-2019-3844)",
"markdown": "**Vulnerability CVE-2019-3844**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2019-3844](https://security-tracker.debian.org/tracker/CVE-2019-3844) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2019-8457-libdb5.3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-8457 low vulnerability for libdb5.3 package"
},
"fullDescription": {
"text": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-8457\nSeverity: low\nPackage: libdb5.3\nVersion: 5.3.28+dfsg1-0.5\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-8457](https://security-tracker.debian.org/tracker/CVE-2019-8457)",
"markdown": "**Vulnerability CVE-2019-8457**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libdb5.3 | 5.3.28+dfsg1-0.5 | | deb | | debian:distro:debian:10 | [CVE-2019-8457](https://security-tracker.debian.org/tracker/CVE-2019-8457) |\n"
},
"properties": {
"security-severity": "9.8"
}
},
{
"id": "CVE-2019-9192-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-9192 low vulnerability for libc-bin package"
},
"fullDescription": {
"text": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-9192\nSeverity: low\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-9192](https://security-tracker.debian.org/tracker/CVE-2019-9192)",
"markdown": "**Vulnerability CVE-2019-9192**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-9192](https://security-tracker.debian.org/tracker/CVE-2019-9192) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-9192-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-9192 low vulnerability for libc6 package"
},
"fullDescription": {
"text": "** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-9192\nSeverity: low\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-9192](https://security-tracker.debian.org/tracker/CVE-2019-9192)",
"markdown": "**Vulnerability CVE-2019-9192**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2019-9192](https://security-tracker.debian.org/tracker/CVE-2019-9192) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2019-9893-libseccomp2",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2019-9893 low vulnerability for libseccomp2 package"
},
"fullDescription": {
"text": "libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-9893\nSeverity: low\nPackage: libseccomp2\nVersion: 2.3.3-4\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-9893](https://security-tracker.debian.org/tracker/CVE-2019-9893)",
"markdown": "**Vulnerability CVE-2019-9893**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libseccomp2 | 2.3.3-4 | | deb | | debian:distro:debian:10 | [CVE-2019-9893](https://security-tracker.debian.org/tracker/CVE-2019-9893) |\n"
},
"properties": {
"security-severity": "9.8"
}
},
{
"id": "CVE-2019-9923-tar",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2019-9923 low vulnerability for tar package"
},
"fullDescription": {
"text": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2019-9923\nSeverity: low\nPackage: tar\nVersion: 1.30+dfsg-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2019-9923](https://security-tracker.debian.org/tracker/CVE-2019-9923)",
"markdown": "**Vulnerability CVE-2019-9923**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | tar | 1.30+dfsg-6 | | deb | | debian:distro:debian:10 | [CVE-2019-9923](https://security-tracker.debian.org/tracker/CVE-2019-9923) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2020-13529-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-13529 low vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-13529\nSeverity: low\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-13529](https://security-tracker.debian.org/tracker/CVE-2020-13529)",
"markdown": "**Vulnerability CVE-2020-13529**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2020-13529](https://security-tracker.debian.org/tracker/CVE-2020-13529) |\n"
},
"properties": {
"security-severity": "6.1"
}
},
{
"id": "CVE-2020-13529-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-13529 low vulnerability for libudev1 package"
},
"fullDescription": {
"text": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-13529\nSeverity: low\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-13529](https://security-tracker.debian.org/tracker/CVE-2020-13529)",
"markdown": "**Vulnerability CVE-2020-13529**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2020-13529](https://security-tracker.debian.org/tracker/CVE-2020-13529) |\n"
},
"properties": {
"security-severity": "6.1"
}
},
{
"id": "CVE-2020-14155-libpcre3",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-14155 medium vulnerability for libpcre3 package"
},
"fullDescription": {
"text": "libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-14155\nSeverity: medium\nPackage: libpcre3\nVersion: 2:8.39-12\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-14155](https://security-tracker.debian.org/tracker/CVE-2020-14155)",
"markdown": "**Vulnerability CVE-2020-14155**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libpcre3 | 2:8.39-12 | | deb | | debian:distro:debian:10 | [CVE-2020-14155](https://security-tracker.debian.org/tracker/CVE-2020-14155) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2020-16156-perl-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-16156 high vulnerability for perl-base package"
},
"fullDescription": {
"text": "CPAN 2.28 allows Signature Verification Bypass."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-16156\nSeverity: high\nPackage: perl-base\nVersion: 5.28.1-6+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-16156](https://security-tracker.debian.org/tracker/CVE-2020-16156)",
"markdown": "**Vulnerability CVE-2020-16156**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | perl-base | 5.28.1-6+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2020-16156](https://security-tracker.debian.org/tracker/CVE-2020-16156) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2020-1751-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-1751 high vulnerability for libc-bin package"
},
"fullDescription": {
"text": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-1751\nSeverity: high\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-1751](https://security-tracker.debian.org/tracker/CVE-2020-1751)",
"markdown": "**Vulnerability CVE-2020-1751**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2020-1751](https://security-tracker.debian.org/tracker/CVE-2020-1751) |\n"
},
"properties": {
"security-severity": "7.0"
}
},
{
"id": "CVE-2020-1751-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-1751 high vulnerability for libc6 package"
},
"fullDescription": {
"text": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-1751\nSeverity: high\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-1751](https://security-tracker.debian.org/tracker/CVE-2020-1751)",
"markdown": "**Vulnerability CVE-2020-1751**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2020-1751](https://security-tracker.debian.org/tracker/CVE-2020-1751) |\n"
},
"properties": {
"security-severity": "7.0"
}
},
{
"id": "CVE-2020-19185-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19185 medium vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19185\nSeverity: medium\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185)",
"markdown": "**Vulnerability CVE-2020-19185**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19185-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19185 medium vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19185\nSeverity: medium\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185)",
"markdown": "**Vulnerability CVE-2020-19185**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19185-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19185 medium vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19185\nSeverity: medium\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185)",
"markdown": "**Vulnerability CVE-2020-19185**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19185-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19185 medium vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19185\nSeverity: medium\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185)",
"markdown": "**Vulnerability CVE-2020-19185**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19185-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19185 medium vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19185\nSeverity: medium\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185)",
"markdown": "**Vulnerability CVE-2020-19185**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19185](https://security-tracker.debian.org/tracker/CVE-2020-19185) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19186-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19186 medium vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19186\nSeverity: medium\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186)",
"markdown": "**Vulnerability CVE-2020-19186**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19186-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19186 medium vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19186\nSeverity: medium\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186)",
"markdown": "**Vulnerability CVE-2020-19186**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19186-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19186 medium vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19186\nSeverity: medium\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186)",
"markdown": "**Vulnerability CVE-2020-19186**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19186-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19186 medium vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19186\nSeverity: medium\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186)",
"markdown": "**Vulnerability CVE-2020-19186**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19186-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19186 medium vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19186\nSeverity: medium\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186)",
"markdown": "**Vulnerability CVE-2020-19186**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19186](https://security-tracker.debian.org/tracker/CVE-2020-19186) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19187-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19187 medium vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19187\nSeverity: medium\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187)",
"markdown": "**Vulnerability CVE-2020-19187**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19187-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19187 medium vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19187\nSeverity: medium\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187)",
"markdown": "**Vulnerability CVE-2020-19187**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19187-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19187 medium vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19187\nSeverity: medium\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187)",
"markdown": "**Vulnerability CVE-2020-19187**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19187-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19187 medium vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19187\nSeverity: medium\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187)",
"markdown": "**Vulnerability CVE-2020-19187**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19187-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19187 medium vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19187\nSeverity: medium\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187)",
"markdown": "**Vulnerability CVE-2020-19187**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19187](https://security-tracker.debian.org/tracker/CVE-2020-19187) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19188-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19188 medium vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19188\nSeverity: medium\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188)",
"markdown": "**Vulnerability CVE-2020-19188**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19188-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19188 medium vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19188\nSeverity: medium\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188)",
"markdown": "**Vulnerability CVE-2020-19188**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19188-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19188 medium vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19188\nSeverity: medium\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188)",
"markdown": "**Vulnerability CVE-2020-19188**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19188-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19188 medium vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19188\nSeverity: medium\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188)",
"markdown": "**Vulnerability CVE-2020-19188**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19188-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19188 medium vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19188\nSeverity: medium\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188)",
"markdown": "**Vulnerability CVE-2020-19188**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19188](https://security-tracker.debian.org/tracker/CVE-2020-19188) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19189-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19189 medium vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19189\nSeverity: medium\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189)",
"markdown": "**Vulnerability CVE-2020-19189**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19189-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19189 medium vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19189\nSeverity: medium\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189)",
"markdown": "**Vulnerability CVE-2020-19189**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19189-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19189 medium vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19189\nSeverity: medium\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189)",
"markdown": "**Vulnerability CVE-2020-19189**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19189-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19189 medium vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19189\nSeverity: medium\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189)",
"markdown": "**Vulnerability CVE-2020-19189**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19189-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19189 medium vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19189\nSeverity: medium\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189)",
"markdown": "**Vulnerability CVE-2020-19189**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19189](https://security-tracker.debian.org/tracker/CVE-2020-19189) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19190-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19190 medium vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19190\nSeverity: medium\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190)",
"markdown": "**Vulnerability CVE-2020-19190**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19190-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19190 medium vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19190\nSeverity: medium\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190)",
"markdown": "**Vulnerability CVE-2020-19190**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19190-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19190 medium vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19190\nSeverity: medium\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190)",
"markdown": "**Vulnerability CVE-2020-19190**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19190-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19190 medium vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19190\nSeverity: medium\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190)",
"markdown": "**Vulnerability CVE-2020-19190**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-19190-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-19190 medium vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-19190\nSeverity: medium\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190)",
"markdown": "**Vulnerability CVE-2020-19190**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2020-19190](https://security-tracker.debian.org/tracker/CVE-2020-19190) |\n"
},
"properties": {
"security-severity": "6.5"
}
},
{
"id": "CVE-2020-21047-libelf1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2020-21047 medium vulnerability for libelf1 package"
},
"fullDescription": {
"text": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2020-21047\nSeverity: medium\nPackage: libelf1\nVersion: 0.176-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2020-21047](https://security-tracker.debian.org/tracker/CVE-2020-21047)",
"markdown": "**Vulnerability CVE-2020-21047**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libelf1 | 0.176-1.1 | | deb | | debian:distro:debian:10 | [CVE-2020-21047](https://security-tracker.debian.org/tracker/CVE-2020-21047) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-20193-tar",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2021-20193 low vulnerability for tar package"
},
"fullDescription": {
"text": "A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-20193\nSeverity: low\nPackage: tar\nVersion: 1.30+dfsg-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-20193](https://security-tracker.debian.org/tracker/CVE-2021-20193)",
"markdown": "**Vulnerability CVE-2021-20193**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | tar | 1.30+dfsg-6 | | deb | | debian:distro:debian:10 | [CVE-2021-20193](https://security-tracker.debian.org/tracker/CVE-2021-20193) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-33294-libelf1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-33294 low vulnerability for libelf1 package"
},
"fullDescription": {
"text": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-33294\nSeverity: low\nPackage: libelf1\nVersion: 0.176-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-33294](https://security-tracker.debian.org/tracker/CVE-2021-33294)",
"markdown": "**Vulnerability CVE-2021-33294**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libelf1 | 0.176-1.1 | | deb | | debian:distro:debian:10 | [CVE-2021-33294](https://security-tracker.debian.org/tracker/CVE-2021-33294) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-33560-libgcrypt20",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2021-33560 high vulnerability for libgcrypt20 package"
},
"fullDescription": {
"text": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-33560\nSeverity: high\nPackage: libgcrypt20\nVersion: 1.8.4-5+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-33560](https://security-tracker.debian.org/tracker/CVE-2021-33560)",
"markdown": "**Vulnerability CVE-2021-33560**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libgcrypt20 | 1.8.4-5+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2021-33560](https://security-tracker.debian.org/tracker/CVE-2021-33560) |\n"
},
"properties": {
"security-severity": "7.5"
}
},
{
"id": "CVE-2021-36084-libsepol1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-36084 low vulnerability for libsepol1 package"
},
"fullDescription": {
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper)."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-36084\nSeverity: low\nPackage: libsepol1\nVersion: 2.8-1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-36084](https://security-tracker.debian.org/tracker/CVE-2021-36084)",
"markdown": "**Vulnerability CVE-2021-36084**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 2.8-1 | | deb | | debian:distro:debian:10 | [CVE-2021-36084](https://security-tracker.debian.org/tracker/CVE-2021-36084) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2021-36085-libsepol1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-36085 low vulnerability for libsepol1 package"
},
"fullDescription": {
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map)."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-36085\nSeverity: low\nPackage: libsepol1\nVersion: 2.8-1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-36085](https://security-tracker.debian.org/tracker/CVE-2021-36085)",
"markdown": "**Vulnerability CVE-2021-36085**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 2.8-1 | | deb | | debian:distro:debian:10 | [CVE-2021-36085](https://security-tracker.debian.org/tracker/CVE-2021-36085) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2021-36086-libsepol1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-36086 low vulnerability for libsepol1 package"
},
"fullDescription": {
"text": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list)."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-36086\nSeverity: low\nPackage: libsepol1\nVersion: 2.8-1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-36086](https://security-tracker.debian.org/tracker/CVE-2021-36086)",
"markdown": "**Vulnerability CVE-2021-36086**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 2.8-1 | | deb | | debian:distro:debian:10 | [CVE-2021-36086](https://security-tracker.debian.org/tracker/CVE-2021-36086) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2021-36087-libsepol1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-36087 low vulnerability for libsepol1 package"
},
"fullDescription": {
"text": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-36087\nSeverity: low\nPackage: libsepol1\nVersion: 2.8-1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-36087](https://security-tracker.debian.org/tracker/CVE-2021-36087)",
"markdown": "**Vulnerability CVE-2021-36087**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsepol1 | 2.8-1 | | deb | | debian:distro:debian:10 | [CVE-2021-36087](https://security-tracker.debian.org/tracker/CVE-2021-36087) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2021-37600-bsdutils",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for bsdutils package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: bsdutils\nVersion: 1:2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | bsdutils | 1:2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-fdisk",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for fdisk package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: fdisk\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | fdisk | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-libblkid1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for libblkid1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: libblkid1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libblkid1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-libfdisk1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for libfdisk1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: libfdisk1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libfdisk1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-libmount1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for libmount1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: libmount1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libmount1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-libsmartcols1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for libsmartcols1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: libsmartcols1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsmartcols1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-libuuid1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for libuuid1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: libuuid1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libuuid1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-mount",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for mount package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: mount\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | mount | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-37600-util-linux",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2021-37600 low vulnerability for util-linux package"
},
"fullDescription": {
"text": "** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-37600\nSeverity: low\nPackage: util-linux\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600)",
"markdown": "**Vulnerability CVE-2021-37600**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | util-linux | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2021-37600](https://security-tracker.debian.org/tracker/CVE-2021-37600) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-39537-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-39537 low vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-39537\nSeverity: low\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537)",
"markdown": "**Vulnerability CVE-2021-39537**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2021-39537-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-39537 low vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-39537\nSeverity: low\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537)",
"markdown": "**Vulnerability CVE-2021-39537**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2021-39537-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-39537 low vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-39537\nSeverity: low\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537)",
"markdown": "**Vulnerability CVE-2021-39537**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2021-39537-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-39537 low vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-39537\nSeverity: low\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537)",
"markdown": "**Vulnerability CVE-2021-39537**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2021-39537-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-39537 low vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-39537\nSeverity: low\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537)",
"markdown": "**Vulnerability CVE-2021-39537**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2021-39537](https://security-tracker.debian.org/tracker/CVE-2021-39537) |\n"
},
"properties": {
"security-severity": "8.8"
}
},
{
"id": "CVE-2021-3997-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-3997 medium vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-3997\nSeverity: medium\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-3997](https://security-tracker.debian.org/tracker/CVE-2021-3997)",
"markdown": "**Vulnerability CVE-2021-3997**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2021-3997](https://security-tracker.debian.org/tracker/CVE-2021-3997) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2021-3997-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2021-3997 medium vulnerability for libudev1 package"
},
"fullDescription": {
"text": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2021-3997\nSeverity: medium\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2021-3997](https://security-tracker.debian.org/tracker/CVE-2021-3997)",
"markdown": "**Vulnerability CVE-2021-3997**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2021-3997](https://security-tracker.debian.org/tracker/CVE-2021-3997) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-bsdutils",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for bsdutils package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: bsdutils\nVersion: 1:2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | bsdutils | 1:2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-fdisk",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for fdisk package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: fdisk\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | fdisk | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-libblkid1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for libblkid1 package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: libblkid1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libblkid1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-libfdisk1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for libfdisk1 package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: libfdisk1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libfdisk1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-libmount1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for libmount1 package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: libmount1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libmount1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-libsmartcols1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for libsmartcols1 package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: libsmartcols1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsmartcols1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-libuuid1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for libuuid1 package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: libuuid1\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libuuid1 | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-mount",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for mount package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: mount\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | mount | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-0563-util-linux",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2022-0563 low vulnerability for util-linux package"
},
"fullDescription": {
"text": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-0563\nSeverity: low\nPackage: util-linux\nVersion: 2.33.1-0.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563)",
"markdown": "**Vulnerability CVE-2022-0563**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | util-linux | 2.33.1-0.1 | | deb | | debian:distro:debian:10 | [CVE-2022-0563](https://security-tracker.debian.org/tracker/CVE-2022-0563) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-1304-e2fsprogs",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2022-1304 high vulnerability for e2fsprogs package"
},
"fullDescription": {
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-1304\nSeverity: high\nPackage: e2fsprogs\nVersion: 1.44.5-1+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304)",
"markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | e2fsprogs | 1.44.5-1+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2022-1304-libcom-err2",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-1304 high vulnerability for libcom-err2 package"
},
"fullDescription": {
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-1304\nSeverity: high\nPackage: libcom-err2\nVersion: 1.44.5-1+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304)",
"markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libcom-err2 | 1.44.5-1+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2022-1304-libext2fs2",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-1304 high vulnerability for libext2fs2 package"
},
"fullDescription": {
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-1304\nSeverity: high\nPackage: libext2fs2\nVersion: 1.44.5-1+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304)",
"markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libext2fs2 | 1.44.5-1+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2022-1304-libss2",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-1304 high vulnerability for libss2 package"
},
"fullDescription": {
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-1304\nSeverity: high\nPackage: libss2\nVersion: 1.44.5-1+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304)",
"markdown": "**Vulnerability CVE-2022-1304**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libss2 | 1.44.5-1+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2022-1304](https://security-tracker.debian.org/tracker/CVE-2022-1304) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2022-3219-gpgv",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-3219 low vulnerability for gpgv package"
},
"fullDescription": {
"text": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-3219\nSeverity: low\nPackage: gpgv\nVersion: 2.2.12-1+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-3219](https://security-tracker.debian.org/tracker/CVE-2022-3219)",
"markdown": "**Vulnerability CVE-2022-3219**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | gpgv | 2.2.12-1+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2022-3219](https://security-tracker.debian.org/tracker/CVE-2022-3219) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2022-4415-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-4415 medium vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-4415\nSeverity: medium\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-4415](https://security-tracker.debian.org/tracker/CVE-2022-4415)",
"markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2022-4415](https://security-tracker.debian.org/tracker/CVE-2022-4415) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-4415-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2022-4415 medium vulnerability for libudev1 package"
},
"fullDescription": {
"text": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-4415\nSeverity: medium\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-4415](https://security-tracker.debian.org/tracker/CVE-2022-4415)",
"markdown": "**Vulnerability CVE-2022-4415**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2022-4415](https://security-tracker.debian.org/tracker/CVE-2022-4415) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2022-48303-tar",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2022-48303 low vulnerability for tar package"
},
"fullDescription": {
"text": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2022-48303\nSeverity: low\nPackage: tar\nVersion: 1.30+dfsg-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2022-48303](https://security-tracker.debian.org/tracker/CVE-2022-48303)",
"markdown": "**Vulnerability CVE-2022-48303**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | tar | 1.30+dfsg-6 | | deb | | debian:distro:debian:10 | [CVE-2022-48303](https://security-tracker.debian.org/tracker/CVE-2022-48303) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2023-29383-login",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29383 low vulnerability for login package"
},
"fullDescription": {
"text": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29383\nSeverity: low\nPackage: login\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29383](https://security-tracker.debian.org/tracker/CVE-2023-29383)",
"markdown": "**Vulnerability CVE-2023-29383**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | login | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2023-29383](https://security-tracker.debian.org/tracker/CVE-2023-29383) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2023-29383-passwd",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29383 low vulnerability for passwd package"
},
"fullDescription": {
"text": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29383\nSeverity: low\nPackage: passwd\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29383](https://security-tracker.debian.org/tracker/CVE-2023-29383)",
"markdown": "**Vulnerability CVE-2023-29383**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | passwd | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2023-29383](https://security-tracker.debian.org/tracker/CVE-2023-29383) |\n"
},
"properties": {
"security-severity": "3.3"
}
},
{
"id": "CVE-2023-29491-libncurses6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29491 high vulnerability for libncurses6 package"
},
"fullDescription": {
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29491\nSeverity: high\nPackage: libncurses6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491)",
"markdown": "**Vulnerability CVE-2023-29491**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libncurses6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2023-29491-libncursesw6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29491 high vulnerability for libncursesw6 package"
},
"fullDescription": {
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29491\nSeverity: high\nPackage: libncursesw6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491)",
"markdown": "**Vulnerability CVE-2023-29491**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libncursesw6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2023-29491-libtinfo6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29491 high vulnerability for libtinfo6 package"
},
"fullDescription": {
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29491\nSeverity: high\nPackage: libtinfo6\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491)",
"markdown": "**Vulnerability CVE-2023-29491**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | libtinfo6 | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2023-29491-ncurses-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29491 high vulnerability for ncurses-base package"
},
"fullDescription": {
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29491\nSeverity: high\nPackage: ncurses-base\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491)",
"markdown": "**Vulnerability CVE-2023-29491**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | ncurses-base | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2023-29491-ncurses-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-29491 high vulnerability for ncurses-bin package"
},
"fullDescription": {
"text": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-29491\nSeverity: high\nPackage: ncurses-bin\nVersion: 6.1+20181013-2+deb10u3\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491)",
"markdown": "**Vulnerability CVE-2023-29491**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | ncurses-bin | 6.1+20181013-2+deb10u3 | | deb | | debian:distro:debian:10 | [CVE-2023-29491](https://security-tracker.debian.org/tracker/CVE-2023-29491) |\n"
},
"properties": {
"security-severity": "7.8"
}
},
{
"id": "CVE-2023-31437-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31437 low vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31437\nSeverity: low\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31437](https://security-tracker.debian.org/tracker/CVE-2023-31437)",
"markdown": "**Vulnerability CVE-2023-31437**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2023-31437](https://security-tracker.debian.org/tracker/CVE-2023-31437) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2023-31437-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31437 low vulnerability for libudev1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31437\nSeverity: low\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31437](https://security-tracker.debian.org/tracker/CVE-2023-31437)",
"markdown": "**Vulnerability CVE-2023-31437**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2023-31437](https://security-tracker.debian.org/tracker/CVE-2023-31437) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2023-31438-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31438 low vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31438\nSeverity: low\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31438](https://security-tracker.debian.org/tracker/CVE-2023-31438)",
"markdown": "**Vulnerability CVE-2023-31438**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2023-31438](https://security-tracker.debian.org/tracker/CVE-2023-31438) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2023-31438-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31438 low vulnerability for libudev1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31438\nSeverity: low\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31438](https://security-tracker.debian.org/tracker/CVE-2023-31438)",
"markdown": "**Vulnerability CVE-2023-31438**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2023-31438](https://security-tracker.debian.org/tracker/CVE-2023-31438) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2023-31439-libsystemd0",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31439 low vulnerability for libsystemd0 package"
},
"fullDescription": {
"text": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31439\nSeverity: low\nPackage: libsystemd0\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31439](https://security-tracker.debian.org/tracker/CVE-2023-31439)",
"markdown": "**Vulnerability CVE-2023-31439**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libsystemd0 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2023-31439](https://security-tracker.debian.org/tracker/CVE-2023-31439) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2023-31439-libudev1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31439 low vulnerability for libudev1 package"
},
"fullDescription": {
"text": "** DISPUTED ** An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\""
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31439\nSeverity: low\nPackage: libudev1\nVersion: 241-7~deb10u10\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31439](https://security-tracker.debian.org/tracker/CVE-2023-31439)",
"markdown": "**Vulnerability CVE-2023-31439**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | libudev1 | 241-7~deb10u10 | | deb | | debian:distro:debian:10 | [CVE-2023-31439](https://security-tracker.debian.org/tracker/CVE-2023-31439) |\n"
},
"properties": {
"security-severity": "5.3"
}
},
{
"id": "CVE-2023-31484-perl-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31484 high vulnerability for perl-base package"
},
"fullDescription": {
"text": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31484\nSeverity: high\nPackage: perl-base\nVersion: 5.28.1-6+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31484](https://security-tracker.debian.org/tracker/CVE-2023-31484)",
"markdown": "**Vulnerability CVE-2023-31484**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high | perl-base | 5.28.1-6+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2023-31484](https://security-tracker.debian.org/tracker/CVE-2023-31484) |\n"
},
"properties": {
"security-severity": "8.1"
}
},
{
"id": "CVE-2023-31486-perl-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-31486 low vulnerability for perl-base package"
},
"fullDescription": {
"text": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-31486\nSeverity: low\nPackage: perl-base\nVersion: 5.28.1-6+deb10u1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-31486](https://security-tracker.debian.org/tracker/CVE-2023-31486)",
"markdown": "**Vulnerability CVE-2023-31486**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | perl-base | 5.28.1-6+deb10u1 | | deb | | debian:distro:debian:10 | [CVE-2023-31486](https://security-tracker.debian.org/tracker/CVE-2023-31486) |\n"
},
"properties": {
"security-severity": "8.1"
}
},
{
"id": "CVE-2023-4016-libprocps7",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4016 medium vulnerability for libprocps7 package"
},
"fullDescription": {
"text": "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4016\nSeverity: medium\nPackage: libprocps7\nVersion: 2:3.3.15-2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4016](https://security-tracker.debian.org/tracker/CVE-2023-4016)",
"markdown": "**Vulnerability CVE-2023-4016**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libprocps7 | 2:3.3.15-2 | | deb | | debian:distro:debian:10 | [CVE-2023-4016](https://security-tracker.debian.org/tracker/CVE-2023-4016) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2023-4016-procps",
"name": "DpkgMatcherExactDirectMatch",
"shortDescription": {
"text": "CVE-2023-4016 medium vulnerability for procps package"
},
"fullDescription": {
"text": "Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4016\nSeverity: medium\nPackage: procps\nVersion: 2:3.3.15-2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4016](https://security-tracker.debian.org/tracker/CVE-2023-4016)",
"markdown": "**Vulnerability CVE-2023-4016**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | procps | 2:3.3.15-2 | | deb | | debian:distro:debian:10 | [CVE-2023-4016](https://security-tracker.debian.org/tracker/CVE-2023-4016) |\n"
},
"properties": {
"security-severity": "5.5"
}
},
{
"id": "CVE-2023-4039-gcc-8-base",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4039 medium vulnerability for gcc-8-base package"
},
"fullDescription": {
"text": "\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4039\nSeverity: medium\nPackage: gcc-8-base\nVersion: 8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039)",
"markdown": "**Vulnerability CVE-2023-4039**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | gcc-8-base | 8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039) |\n"
},
"properties": {
"security-severity": "4.8"
}
},
{
"id": "CVE-2023-4039-libgcc1",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4039 medium vulnerability for libgcc1 package"
},
"fullDescription": {
"text": "\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4039\nSeverity: medium\nPackage: libgcc1\nVersion: 1:8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039)",
"markdown": "**Vulnerability CVE-2023-4039**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libgcc1 | 1:8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039) |\n"
},
"properties": {
"security-severity": "4.8"
}
},
{
"id": "CVE-2023-4039-libstdc++6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4039 medium vulnerability for libstdc++6 package"
},
"fullDescription": {
"text": "\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n"
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4039\nSeverity: medium\nPackage: libstdc++6\nVersion: 8.3.0-6\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039)",
"markdown": "**Vulnerability CVE-2023-4039**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libstdc++6 | 8.3.0-6 | | deb | | debian:distro:debian:10 | [CVE-2023-4039](https://security-tracker.debian.org/tracker/CVE-2023-4039) |\n"
},
"properties": {
"security-severity": "4.8"
}
},
{
"id": "CVE-2023-4641-login",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4641 low vulnerability for login package"
},
"fullDescription": {
"text": "Version 1:4.5-1.1 is affected with no fixes reported yet."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4641\nSeverity: low\nPackage: login\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4641](https://security-tracker.debian.org/tracker/CVE-2023-4641)",
"markdown": "**Vulnerability CVE-2023-4641**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | login | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2023-4641](https://security-tracker.debian.org/tracker/CVE-2023-4641) |\n"
},
"properties": {
"security-severity": "0.0"
}
},
{
"id": "CVE-2023-4641-passwd",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4641 low vulnerability for passwd package"
},
"fullDescription": {
"text": "Version 1:4.5-1.1 is affected with no fixes reported yet."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4641\nSeverity: low\nPackage: passwd\nVersion: 1:4.5-1.1\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4641](https://security-tracker.debian.org/tracker/CVE-2023-4641)",
"markdown": "**Vulnerability CVE-2023-4641**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low | passwd | 1:4.5-1.1 | | deb | | debian:distro:debian:10 | [CVE-2023-4641](https://security-tracker.debian.org/tracker/CVE-2023-4641) |\n"
},
"properties": {
"security-severity": "0.0"
}
},
{
"id": "CVE-2023-4806-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4806 medium vulnerability for libc-bin package"
},
"fullDescription": {
"text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4806\nSeverity: medium\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4806](https://security-tracker.debian.org/tracker/CVE-2023-4806)",
"markdown": "**Vulnerability CVE-2023-4806**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2023-4806](https://security-tracker.debian.org/tracker/CVE-2023-4806) |\n"
},
"properties": {
"security-severity": "5.9"
}
},
{
"id": "CVE-2023-4806-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4806 medium vulnerability for libc6 package"
},
"fullDescription": {
"text": "A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4806\nSeverity: medium\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4806](https://security-tracker.debian.org/tracker/CVE-2023-4806)",
"markdown": "**Vulnerability CVE-2023-4806**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2023-4806](https://security-tracker.debian.org/tracker/CVE-2023-4806) |\n"
},
"properties": {
"security-severity": "5.9"
}
},
{
"id": "CVE-2023-4813-libc-bin",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4813 medium vulnerability for libc-bin package"
},
"fullDescription": {
"text": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4813\nSeverity: medium\nPackage: libc-bin\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4813](https://security-tracker.debian.org/tracker/CVE-2023-4813)",
"markdown": "**Vulnerability CVE-2023-4813**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libc-bin | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2023-4813](https://security-tracker.debian.org/tracker/CVE-2023-4813) |\n"
},
"properties": {
"security-severity": "5.9"
}
},
{
"id": "CVE-2023-4813-libc6",
"name": "DpkgMatcherExactIndirectMatch",
"shortDescription": {
"text": "CVE-2023-4813 medium vulnerability for libc6 package"
},
"fullDescription": {
"text": "A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge."
},
"helpUri": "https://github.com/anchore/grype",
"help": {
"text": "Vulnerability CVE-2023-4813\nSeverity: medium\nPackage: libc6\nVersion: 2.28-10+deb10u2\nFix Version: \nType: deb\nLocation: \nData Namespace: debian:distro:debian:10\nLink: [CVE-2023-4813](https://security-tracker.debian.org/tracker/CVE-2023-4813)",
"markdown": "**Vulnerability CVE-2023-4813**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium | libc6 | 2.28-10+deb10u2 | | deb | | debian:distro:debian:10 | [CVE-2023-4813](https://security-tracker.debian.org/tracker/CVE-2023-4813) |\n"
},
"properties": {
"security-severity": "5.9"
}
}
]
}
},
"results": [
{
"ruleId": "CVE-2005-2541-tar",
"message": {
"text": "The path reports tar at version 1.30+dfsg-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2007-5686-login",
"message": {
"text": "The path reports login at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2007-5686-passwd",
"message": {
"text": "The path reports passwd at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2007-6755-libssl1.1",
"message": {
"text": "The path reports libssl1.1 at version 1.1.1n-0+deb10u6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2007-6755-openssl",
"message": {
"text": "The path reports openssl at version 1.1.1n-0+deb10u6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2010-0928-libssl1.1",
"message": {
"text": "The path reports libssl1.1 at version 1.1.1n-0+deb10u6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2010-0928-openssl",
"message": {
"text": "The path reports openssl at version 1.1.1n-0+deb10u6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2010-4756-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2010-4756-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2011-3374-apt",
"message": {
"text": "The path reports apt at version 1.8.2.3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2011-3374-libapt-pkg5.0",
"message": {
"text": "The path reports libapt-pkg5.0 at version 1.8.2.3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2011-3389-libgnutls30",
"message": {
"text": "The path reports libgnutls30 at version 3.6.7-4+deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2011-4116-perl-base",
"message": {
"text": "The path reports perl-base at version 5.28.1-6+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2012-2663-iptables",
"message": {
"text": "The path reports iptables at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2012-2663-libip4tc0",
"message": {
"text": "The path reports libip4tc0 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2012-2663-libip6tc0",
"message": {
"text": "The path reports libip6tc0 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2012-2663-libiptc0",
"message": {
"text": "The path reports libiptc0 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2012-2663-libxtables12",
"message": {
"text": "The path reports libxtables12 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2013-4235-login",
"message": {
"text": "The path reports login at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2013-4235-passwd",
"message": {
"text": "The path reports passwd at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2013-4392-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2013-4392-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2016-2781-coreutils",
"message": {
"text": "The path reports coreutils at version 8.30-3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2017-11164-libpcre3",
"message": {
"text": "The path reports libpcre3 at version 2:8.39-12 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2017-16231-libpcre3",
"message": {
"text": "The path reports libpcre3 at version 2:8.39-12 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2017-18018-coreutils",
"message": {
"text": "The path reports coreutils at version 8.30-3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2017-7245-libpcre3",
"message": {
"text": "The path reports libpcre3 at version 2:8.39-12 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2017-7246-libpcre3",
"message": {
"text": "The path reports libpcre3 at version 2:8.39-12 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-1000654-libtasn1-6",
"message": {
"text": "The path reports libtasn1-6 at version 4.13-3+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-12886-gcc-8-base",
"message": {
"text": "The path reports gcc-8-base at version 8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-12886-libgcc1",
"message": {
"text": "The path reports libgcc1 at version 1:8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-12886-libstdc++6",
"message": {
"text": "The path reports libstdc++6 at version 8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-20796-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-20796-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-6829-libgcrypt20",
"message": {
"text": "The path reports libgcrypt20 at version 1.8.4-5+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-7169-login",
"message": {
"text": "The path reports login at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2018-7169-passwd",
"message": {
"text": "The path reports passwd at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010022-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010022-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010023-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010023-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010024-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010024-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010025-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-1010025-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-11360-iptables",
"message": {
"text": "The path reports iptables at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-11360-libip4tc0",
"message": {
"text": "The path reports libip4tc0 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-11360-libip6tc0",
"message": {
"text": "The path reports libip6tc0 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-11360-libiptc0",
"message": {
"text": "The path reports libiptc0 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-11360-libxtables12",
"message": {
"text": "The path reports libxtables12 at version 1.8.2-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-12290-libidn2-0",
"message": {
"text": "The path reports libidn2-0 at version 2.0.5-1+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-13627-libgcrypt20",
"message": {
"text": "The path reports libgcrypt20 at version 1.8.4-5+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-14855-gpgv",
"message": {
"text": "The path reports gpgv at version 2.2.12-1+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-15847-gcc-8-base",
"message": {
"text": "The path reports gcc-8-base at version 8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-15847-libgcc1",
"message": {
"text": "The path reports libgcc1 at version 1:8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-15847-libstdc++6",
"message": {
"text": "The path reports libstdc++6 at version 8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-17543-liblz4-1",
"message": {
"text": "The path reports liblz4-1 at version 1.8.3-1+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-18276-bash",
"message": {
"text": "The path reports bash at version 5.0-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-19882-login",
"message": {
"text": "The path reports login at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-19882-passwd",
"message": {
"text": "The path reports passwd at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-20386-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-20386-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-20795-iproute2",
"message": {
"text": "The path reports iproute2 at version 4.20.0-2+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-20838-libpcre3",
"message": {
"text": "The path reports libpcre3 at version 2:8.39-12 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-3843-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-3843-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-3844-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-3844-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-8457-libdb5.3",
"message": {
"text": "The path reports libdb5.3 at version 5.3.28+dfsg1-0.5 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-9192-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-9192-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-9893-libseccomp2",
"message": {
"text": "The path reports libseccomp2 at version 2.3.3-4 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2019-9923-tar",
"message": {
"text": "The path reports tar at version 1.30+dfsg-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-13529-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-13529-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-14155-libpcre3",
"message": {
"text": "The path reports libpcre3 at version 2:8.39-12 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-16156-perl-base",
"message": {
"text": "The path reports perl-base at version 5.28.1-6+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-1751-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-1751-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19185-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19185-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19185-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19185-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19185-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19186-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19186-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19186-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19186-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19186-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19187-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19187-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19187-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19187-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19187-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19188-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19188-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19188-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19188-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19188-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19189-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19189-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19189-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19189-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19189-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19190-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19190-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19190-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19190-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-19190-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2020-21047-libelf1",
"message": {
"text": "The path reports libelf1 at version 0.176-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-20193-tar",
"message": {
"text": "The path reports tar at version 1.30+dfsg-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-33294-libelf1",
"message": {
"text": "The path reports libelf1 at version 0.176-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-33560-libgcrypt20",
"message": {
"text": "The path reports libgcrypt20 at version 1.8.4-5+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-36084-libsepol1",
"message": {
"text": "The path reports libsepol1 at version 2.8-1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-36085-libsepol1",
"message": {
"text": "The path reports libsepol1 at version 2.8-1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-36086-libsepol1",
"message": {
"text": "The path reports libsepol1 at version 2.8-1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-36087-libsepol1",
"message": {
"text": "The path reports libsepol1 at version 2.8-1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-bsdutils",
"message": {
"text": "The path reports bsdutils at version 1:2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-fdisk",
"message": {
"text": "The path reports fdisk at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-libblkid1",
"message": {
"text": "The path reports libblkid1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-libfdisk1",
"message": {
"text": "The path reports libfdisk1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-libmount1",
"message": {
"text": "The path reports libmount1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-libsmartcols1",
"message": {
"text": "The path reports libsmartcols1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-libuuid1",
"message": {
"text": "The path reports libuuid1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-mount",
"message": {
"text": "The path reports mount at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-37600-util-linux",
"message": {
"text": "The path reports util-linux at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-39537-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-39537-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-39537-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-39537-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-39537-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-3997-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2021-3997-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-bsdutils",
"message": {
"text": "The path reports bsdutils at version 1:2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-fdisk",
"message": {
"text": "The path reports fdisk at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-libblkid1",
"message": {
"text": "The path reports libblkid1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-libfdisk1",
"message": {
"text": "The path reports libfdisk1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-libmount1",
"message": {
"text": "The path reports libmount1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-libsmartcols1",
"message": {
"text": "The path reports libsmartcols1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-libuuid1",
"message": {
"text": "The path reports libuuid1 at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-mount",
"message": {
"text": "The path reports mount at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-0563-util-linux",
"message": {
"text": "The path reports util-linux at version 2.33.1-0.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1304-e2fsprogs",
"message": {
"text": "The path reports e2fsprogs at version 1.44.5-1+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1304-libcom-err2",
"message": {
"text": "The path reports libcom-err2 at version 1.44.5-1+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1304-libext2fs2",
"message": {
"text": "The path reports libext2fs2 at version 1.44.5-1+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1304-libss2",
"message": {
"text": "The path reports libss2 at version 1.44.5-1+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-3219-gpgv",
"message": {
"text": "The path reports gpgv at version 2.2.12-1+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-4415-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-4415-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-48303-tar",
"message": {
"text": "The path reports tar at version 1.30+dfsg-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29383-login",
"message": {
"text": "The path reports login at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29383-passwd",
"message": {
"text": "The path reports passwd at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29491-libncurses6",
"message": {
"text": "The path reports libncurses6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29491-libncursesw6",
"message": {
"text": "The path reports libncursesw6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29491-libtinfo6",
"message": {
"text": "The path reports libtinfo6 at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29491-ncurses-base",
"message": {
"text": "The path reports ncurses-base at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-29491-ncurses-bin",
"message": {
"text": "The path reports ncurses-bin at version 6.1+20181013-2+deb10u3 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31437-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31437-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31438-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31438-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31439-libsystemd0",
"message": {
"text": "The path reports libsystemd0 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31439-libudev1",
"message": {
"text": "The path reports libudev1 at version 241-7~deb10u10 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31484-perl-base",
"message": {
"text": "The path reports perl-base at version 5.28.1-6+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-31486-perl-base",
"message": {
"text": "The path reports perl-base at version 5.28.1-6+deb10u1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4016-libprocps7",
"message": {
"text": "The path reports libprocps7 at version 2:3.3.15-2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4016-procps",
"message": {
"text": "The path reports procps at version 2:3.3.15-2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4039-gcc-8-base",
"message": {
"text": "The path reports gcc-8-base at version 8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4039-libgcc1",
"message": {
"text": "The path reports libgcc1 at version 1:8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4039-libstdc++6",
"message": {
"text": "The path reports libstdc++6 at version 8.3.0-6 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4641-login",
"message": {
"text": "The path reports login at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4641-passwd",
"message": {
"text": "The path reports passwd at version 1:4.5-1.1 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4806-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4806-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4813-libc-bin",
"message": {
"text": "The path reports libc-bin at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2023-4813-libc6",
"message": {
"text": "The path reports libc6 at version 2.28-10+deb10u2 which is a vulnerable (deb) package installed in the container"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "image/"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink