container-images
JFrog reports several medium and low vulnerabilities for oraclelinux:8-slim
The following report was generated by scanning oraclelinux:8-slim with JFrog, and several of these are really old (2018, 2019, 2020).
Summary | CVEs | Severity | Type | Provider | Component | Infected Version | Fix Version | Edited | Component Versions Id | CVSS v2 | CVSS v3 | Cwe | Id | Is Source Root | Source Comp Id | Source Id |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2022-23308 libxml2: Use-after-free of ID and IDREF attributes | CVE-2022-23308 | Medium | security | JFrog | 8:libxml2 | All Versions | | 2022-06-06T21:44:08Z | 8:libxml2 | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-416 | XRAY-198750 | false | rpm://8:libxml2:0:2.9.7-13.el8 | rpm://8:libxml2 |
CVE-2021-31566 libarchive: symbolic links incorrectly followed when changing modes, times, ACL and flags of a file while extracting an archive | CVE-2021-31566 | Medium | security | JFrog | 8:libarchive | All Versions | | 2022-05-20T21:44:11Z | 8:libarchive | | 4.4/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L | CWE-59 | XRAY-192332 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2020-21674 libarchive: heap-based buffer overflow in archive_string_append_from_wcs function in archive_string.c (moderate) | CVE-2020-21674 | Medium | security | JFrog | 8:libarchive | All Versions | | 2022-02-22T06:54:06Z | 8:libarchive | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-787->CWE-122,CWE-787 | XRAY-133961 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2022-1586 pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c | CVE-2022-1586 | Medium | security | JFrog | 8:pcre2 | All Versions | | 2022-05-27T21:44:24Z | 8:pcre2 | 6.4/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P | 7.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H | CWE-125 | XRAY-209666 | false | rpm://8:pcre2:0:10.32-2.el8 | rpm://8:pcre2 |
CVE-2019-17543 lz4: heap-based buffer overflow in LZ4_write32 (moderate) | CVE-2019-17543 | Medium | security | JFrog | 8:lz4-libs | All Versions | | 2022-02-22T06:55:21Z | 8:lz4-libs | 6.8/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.1/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-122,CWE-787 | XRAY-134601 | false | rpm://8:lz4-libs:0:1.8.3-3.el8_4 | rpm://8:lz4-libs |
CVE-2019-12904 Libgcrypt: physical addresses being available to other processes leads to a flush-and-reload side-channel attack (moderate) | CVE-2019-12904 | Medium | security | JFrog | 8:libgcrypt | All Versions | | 2022-02-22T06:56:02Z | 8:libgcrypt | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N | 5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-385,CWE-310 | XRAY-133231 | false | rpm://8:libgcrypt:0:1.8.5-6.el8 | rpm://8:libgcrypt |
CVE-2022-1434 openssl: Incorrect MAC key used in the RC4-MD5 ciphersuite (moderate) | CVE-2022-1434 | Medium | security | JFrog | 8:openssl-libs | All Versions | | 2022-05-25T21:44:24Z | 8:openssl-libs | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N | 5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | CWE-327 | XRAY-210787 | false | rpm://8:openssl-libs:1:1.1.1k-6.el8_5 | rpm://8:openssl-libs |
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) | CVE-2019-1010022 | Medium | security | JFrog | 8:glibc-common | All Versions | | 2022-02-22T06:56:01Z | 8:glibc-common | 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P | 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-121->CWE-119->CWE-305,CWE-119 | XRAY-133149 | false | rpm://8:glibc-common:0:2.28-189.1.0.1.el8 | rpm://8:glibc-common |
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) | CVE-2019-1010022 | Medium | security | JFrog | 8:glibc | All Versions | | 2022-02-22T06:56:01Z | 8:glibc | 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P | 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-121->CWE-119->CWE-305,CWE-119 | XRAY-133149 | false | rpm://8:glibc:0:2.28-189.1.0.1.el8 | rpm://8:glibc |
CVE-2021-3521 rpm: RPM does not require subkeys to have a valid binding signature | CVE-2021-3521 | Medium | security | JFrog | 8:rpm | All Versions | | 2022-05-20T21:44:10Z | 8:rpm | | 4.4/CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N | CWE-347 | XRAY-185978 | false | rpm://8:rpm:0:4.14.3-23.el8 | rpm://8:rpm |
CVE-2018-20839 systemd: mishandling of the current keyboard mode check leading to passwords being disclosed in cleartext to attacker (moderate) | CVE-2018-20839 | Medium | security | JFrog | 8:systemd-libs | All Versions | | 2022-02-22T06:55:28Z | 8:systemd-libs | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N | 6.4/CVSS:3.0/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-200 | XRAY-134751 | false | rpm://8:systemd-libs:0:239-58.0.1.el8 | rpm://8:systemd-libs |
CVE-2019-1010022 glibc: stack guard protection bypass (moderate) | CVE-2019-1010022 | Medium | security | JFrog | 8:glibc-minimal-langpack | All Versions | | 2022-02-22T06:56:01Z | 8:glibc-minimal-langpack | 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P | 8.1/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-121->CWE-119->CWE-305,CWE-119 | XRAY-133149 | false | rpm://8:glibc-minimal-langpack:0:2.28-189.1.0.1.el8 | rpm://8:glibc-minimal-langpack |
CVE-2022-27776 curl: auth/cookie leak on redirect | CVE-2022-27776 | Medium | security | JFrog | 8:curl | All Versions | | 2022-06-16T21:44:45Z | 8:curl | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N | 4.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N | CWE-522 | XRAY-209155 | false | rpm://8:curl:0:7.61.1-22.el8 | rpm://8:curl |
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate) | CVE-2021-42694 | Medium | security | JFrog | 8:libgcc | All Versions | | 2022-02-22T07:03:20Z | 8:libgcc | 5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P | 8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | CWE-838,CWE-94 | XRAY-189600 | false | rpm://8:libgcc:0:8.5.0-10.0.2.el8 | rpm://8:libgcc |
CVE-2021-42694 Developer environment: Homoglyph characters can lead to trojan source attack (moderate) | CVE-2021-42694 | Medium | security | JFrog | 8:libstdc++ | All Versions | | 2022-02-22T07:03:20Z | 8:libstdc++ | 5.1/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:P/A:P | 8.5/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H | CWE-838,CWE-94 | XRAY-189600 | false | rpm://8:libstdc++:0:8.5.0-10.0.2.el8 | rpm://8:libstdc++ |
CVE-2022-29155 openldap: OpenLDAP SQL injection (moderate) | CVE-2022-29155 | Medium | security | JFrog | 8:openldap | All Versions | | 2022-05-20T21:44:17Z | 8:openldap | 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P | 6.5/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N | CWE-89 | XRAY-209689 | false | rpm://8:openldap:0:2.4.46-18.el8 | rpm://8:openldap |
CVE-2022-27782 curl: TLS and SSH connection too eager reuse | CVE-2022-27782 | Medium | security | JFrog | 8:curl | All Versions | | 2022-06-12T21:44:08Z | 8:curl | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N | 6.0/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L | CWE-287,CWE-295 | XRAY-210045 | false | rpm://8:curl:0:7.61.1-22.el8 | rpm://8:curl |
CVE-2022-1292 openssl: c_rehash script allows command injection (moderate) | CVE-2022-1292 | Medium | security | JFrog | 8:openssl-libs | All Versions | | 2022-06-12T21:44:08Z | 8:openssl-libs | 10.0/CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C | 5.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | CWE-77,CWE-78 | XRAY-209571 | false | rpm://8:openssl-libs:1:1.1.1k-6.el8_5 | rpm://8:openssl-libs |
CVE-2017-14502 libarchive: Off-by-one error in the read_header function (moderate) | CVE-2017-14502 | Medium | security | JFrog | 8:libarchive | All Versions | | 2022-02-22T06:54:07Z | 8:libarchive | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P | 7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-193,CWE-125 | XRAY-131952 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2022-22576 curl: OAUTH2 bearer bypass in connection re-use | CVE-2022-22576 | Medium | security | JFrog | 8:curl | All Versions | | 2022-06-10T21:44:17Z | 8:curl | 5.5/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N | 4.6/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | CWE-287 | XRAY-209153 | false | rpm://8:curl:0:7.61.1-22.el8 | rpm://8:curl |
CVE-2022-29824 libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (moderate) | CVE-2022-29824 | Medium | security | JFrog | 8:libxml2 | All Versions | | 2022-05-20T21:44:17Z | 8:libxml2 | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 7.4/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H | CWE-190 | XRAY-209696 | false | rpm://8:libxml2:0:2.9.7-13.el8 | rpm://8:libxml2 |
CVE-2021-35937 rpm: TOCTOU race in checks for unsafe symlinks | CVE-2021-35937 | Medium | security | JFrog | 8:rpm | All Versions | | 2022-05-20T21:44:11Z | 8:rpm | | 6.3/CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H | (CWE-59\|CWE-367) | XRAY-178848 | false | rpm://8:rpm:0:4.14.3-23.el8 | rpm://8:rpm |
CVE-2022-27774 curl: credential leak on redirect | CVE-2022-27774 | Medium | security | JFrog | 8:curl | All Versions | | 2022-06-16T21:44:45Z | 8:curl | 3.5/CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N | 5.0/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-522 | XRAY-209154 | false | rpm://8:curl:0:7.61.1-22.el8 | rpm://8:curl |
CVE-2021-35938 rpm: races with chown/chmod/capabilities calls during installation | CVE-2021-35938 | Medium | security | JFrog | 8:rpm | All Versions | | 2022-05-20T21:44:10Z | 8:rpm | | 6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | CWE-59 | XRAY-178847 | false | rpm://8:rpm:0:4.14.3-23.el8 | rpm://8:rpm |
CVE-2021-40528 libgcrypt: ElGamal implementation allows plaintext recovery | CVE-2021-40528 | Medium | security | JFrog | 8:libgcrypt | All Versions | | 2022-02-22T07:03:18Z | 8:libgcrypt | 2.6/CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N | 5.9/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-327 | XRAY-188668 | false | rpm://8:libgcrypt:0:1.8.5-6.el8 | rpm://8:libgcrypt |
CVE-2021-23177 libarchive: extracting a symlink with ACLs modifies ACLs of target | CVE-2021-23177 | Medium | security | JFrog | 8:libarchive | All Versions | | 2022-05-20T21:44:11Z | 8:libarchive | | 6.6/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L | CWE-59 | XRAY-192333 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2021-35939 rpm: checks for unsafe symlinks are not performed for intermediary directories | CVE-2021-35939 | Medium | security | JFrog | 8:rpm | All Versions | | 2022-05-20T21:44:11Z | 8:rpm | | 6.5/CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | CWE-59 | XRAY-178849 | false | rpm://8:rpm:0:4.14.3-23.el8 | rpm://8:rpm |
CVE-2018-1000880 libarchive: Improper input validation in WARC parser resulting in a denial of service (low) | CVE-2018-1000880 | Low | security | JFrog | 8:libarchive | All Versions | | 2022-02-22T06:55:28Z | 8:libarchive | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-20,CWE-119 | XRAY-134705 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) | CVE-2018-19211 | Low | security | JFrog | 8:ncurses-libs | All Versions | | 2022-02-22T06:55:29Z | 8:ncurses-libs | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | CWE-119,CWE-476 | XRAY-132928 | false | rpm://8:ncurses-libs:0:6.1-9.20180224.el8 | rpm://8:ncurses-libs |
CVE-2018-19211 ncurses: Null pointer dereference at function _nc_parse_entry in parse_entry.c (low) | CVE-2018-19211 | Low | security | JFrog | 8:ncurses-base | All Versions | | 2022-02-22T06:55:29Z | 8:ncurses-base | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | CWE-119,CWE-476 | XRAY-132928 | false | rpm://8:ncurses-base:0:6.1-9.20180224.el8 | rpm://8:ncurses-base |
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) | CVE-2018-19217 | Low | security | JFrog | 8:ncurses-libs | All Versions | | 2022-06-10T21:44:09Z | 8:ncurses-libs | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | CWE-119,CWE-476 | XRAY-132932 | false | rpm://8:ncurses-libs:0:6.1-9.20180224.el8 | rpm://8:ncurses-libs |
CVE-2018-19217 ncurses: Null pointer dereference at function _nc_name_match (low) | CVE-2018-19217 | Low | security | JFrog | 8:ncurses-base | All Versions | | 2022-06-10T21:44:09Z | 8:ncurses-base | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 4.7/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H | CWE-119,CWE-476 | XRAY-132932 | false | rpm://8:ncurses-base:0:6.1-9.20180224.el8 | rpm://8:ncurses-base |
CVE-2017-14166 libarchive: Heap-based buffer over-read in the atol8 function (low) | CVE-2017-14166 | Low | security | JFrog | 8:libarchive | All Versions | | 2022-02-22T06:55:25Z | 8:libarchive | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-122,CWE-125 | XRAY-131928 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2019-9936 sqlite: heap-based buffer over-read in function fts5HashEntrySort in sqlite3.c (low) | CVE-2019-9936 | Low | security | JFrog | 8:sqlite-libs | All Versions | | 2022-06-10T21:44:09Z | 8:sqlite-libs | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N | 3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | CWE-122,CWE-125 | XRAY-134833 | false | rpm://8:sqlite-libs:0:3.26.0-15.el8 | rpm://8:sqlite-libs |
CVE-2021-44568 libsolv: heap-overflows in resolve_dependencies function | CVE-2021-44568 | Low | security | JFrog | 8:libsolv | All Versions | | 2022-05-20T21:44:16Z | 8:libsolv | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 6.3/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H | CWE-125,CWE-787 | XRAY-199742 | false | rpm://8:libsolv:0:0.7.20-1.el8 | rpm://8:libsolv |
CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c (low) | CVE-2019-8906 | Low | security | JFrog | 8:file-libs | All Versions | | 2022-02-22T06:55:25Z | 8:file-libs | 3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P | 5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L | CWE-125 | XRAY-134829 | false | rpm://8:file-libs:0:5.33-20.el8 | rpm://8:file-libs |
CVE-2018-1000654 libtasn1: Infinite loop in _asn1_expand_object_id(ptree) leads to memory exhaustion (low) | CVE-2018-1000654 | Low | security | JFrog | 8:libtasn1 | All Versions | | 2022-02-22T06:55:16Z | 8:libtasn1 | 7.1/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C | 4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | CWE-20->CWE-400,NVD-CWE-noinfo | XRAY-132660 | false | rpm://8:libtasn1:0:4.13-3.el8 | rpm://8:libtasn1 |
CVE-2021-4209 GnuTLS: Null pointer dereference in MD_UPDATE | CVE-2021-4209 | Low | security | JFrog | 8:gnutls | All Versions | | 2022-05-20T21:44:11Z | 8:gnutls | | 6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | CWE-476 | XRAY-198315 | false | rpm://8:gnutls:0:3.6.16-4.el8 | rpm://8:gnutls |
CVE-2017-14501 libarchive: Out-of-bounds read in parse_file_info (low) | CVE-2017-14501 | Low | security | JFrog | 8:libarchive | All Versions | | 2022-02-22T06:56:10Z | 8:libarchive | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-125 | XRAY-131951 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2019-12900 bzip2: out-of-bounds write in function BZ2_decompress (low) | CVE-2019-12900 | Low | security | JFrog | 8:bzip2-libs | All Versions | | 2022-06-10T21:44:08Z | 8:bzip2-libs | 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P | 4.0/CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | CWE-787 | XRAY-133230 | false | rpm://8:bzip2-libs:0:1.0.6-26.el8 | rpm://8:bzip2-libs |
CVE-2018-16428 glib2: NULL pointer dereference in g_markup_parse_context_end_parse() function in gmarkup.c (low) | CVE-2018-16428 | Low | security | JFrog | 8:glib2 | All Versions | | 2022-02-22T06:55:21Z | 8:glib2 | 7.5/CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P | 9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-119,CWE-476 | XRAY-132844 | false | rpm://8:glib2:0:2.56.4-158.el8 | rpm://8:glib2 |
CVE-2021-45346 sqlite: crafted SQL query allows a malicious user to obtain sensitive information (low) | CVE-2021-45346 | Low | security | JFrog | 8:sqlite-libs | All Versions | | 2022-05-01T21:44:13Z | 8:sqlite-libs | 4.0/CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N | 3.1/CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N | CWE-401->CWE-200,CWE-401 | XRAY-209065 | false | rpm://8:sqlite-libs:0:3.26.0-15.el8 | rpm://8:sqlite-libs |
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low) | CVE-2018-20657 | Low | security | JFrog | 8:libstdc++ | All Versions | | 2022-02-22T06:55:41Z | 8:libstdc++ | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-400,CWE-772 | XRAY-132991 | false | rpm://8:libstdc++:0:8.5.0-10.0.2.el8 | rpm://8:libstdc++ |
CVE-2018-20657 libiberty: Memory leak in demangle_template function resulting in a denial of service (low) | CVE-2018-20657 | Low | security | JFrog | 8:libgcc | All Versions | | 2022-02-22T06:55:41Z | 8:libgcc | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-400,CWE-772 | XRAY-132991 | false | rpm://8:libgcc:0:8.5.0-10.0.2.el8 | rpm://8:libgcc |
CVE-2021-43618 gmp: Integer overflow and resultant buffer overflow via crafted input (low) | CVE-2021-43618 | Low | security | JFrog | 8:gmp | All Versions | | 2022-05-20T21:44:11Z | 8:gmp | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P | 4.0/CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | CWE-190 | XRAY-191006 | false | rpm://8:gmp:1:6.1.2-10.el8 | rpm://8:gmp |
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) | CVE-2019-14250 | Low | security | JFrog | 8:libstdc++ | All Versions | | 2022-02-22T06:56:11Z | 8:libstdc++ | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-20->CWE-190->CWE-125,CWE-787,CWE-190 | XRAY-133283 | false | rpm://8:libstdc++:0:8.5.0-10.0.2.el8 | rpm://8:libstdc++ |
CVE-2018-1000879 libarchive: NULL pointer dereference in ACL parser resulting in a denial of service (low) | CVE-2018-1000879 | Low | security | JFrog | 8:libarchive | All Versions | | 2022-02-22T06:55:25Z | 8:libarchive | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-476 | XRAY-134704 | false | rpm://8:libarchive:0:3.3.3-3.el8_5 | rpm://8:libarchive |
CVE-2019-9937 sqlite: null-pointer dereference in function fts5ChunkIterate in sqlite3.c (low) | CVE-2019-9937 | Low | security | JFrog | 8:sqlite-libs | All Versions | | 2022-06-10T21:44:09Z | 8:sqlite-libs | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | CWE-476 | XRAY-134834 | false | rpm://8:sqlite-libs:0:3.26.0-15.el8 | rpm://8:sqlite-libs |
CVE-2019-19244 sqlite: allows a crash if a sub-select uses both DISTINCT and window functions and also has certain ORDER BY usage (low) | CVE-2019-19244 | Low | security | JFrog | 8:sqlite-libs | All Versions | | 2022-02-22T06:56:18Z | 8:sqlite-libs | 5.0/CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:P | 7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-20,NVD-CWE-noinfo | XRAY-133415 | false | rpm://8:sqlite-libs:0:3.26.0-15.el8 | rpm://8:sqlite-libs |
CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c (low) | CVE-2019-8905 | Low | security | JFrog | 8:file-libs | All Versions | | 2022-02-22T06:55:25Z | 8:file-libs | 3.6/CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:P | 5.4/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L | CWE-125 | XRAY-134828 | false | rpm://8:file-libs:0:5.33-20.el8 | rpm://8:file-libs |
CVE-2019-14250 binutils: integer overflow in simple-object-elf.c leads to a heap-based buffer overflow (low) | CVE-2019-14250 | Low | security | JFrog | 8:libgcc | All Versions | | 2022-02-22T06:56:11Z | 8:libgcc | 4.3/CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P | 3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-20->CWE-190->CWE-125,CWE-787,CWE-190 | XRAY-133283 | false | rpm://8:libgcc:0:8.5.0-10.0.2.el8 | rpm://8:libgcc |