docker pull container-registry-test.elastic.co/enterprise-search/enterprise-search:7.17.9-arm64| CVE | Package | Version | Description |
|---|---|---|---|
| CVE-2022-3821 | systemd | 237-3ubuntu10.56 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. |
| CVE-2020-13844 | gcc-7 | 7.5.0-3ubuntu1~18.04 | Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." |
| CVE-2021-31879 | wget | 1.19.4-1ubuntu2.2 | GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. |
| CVE-2020-13844 | gcc-8 | 8.4.0-1ubuntu1~18.04 | Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." |
| CVE-2021-36222 | krb5 | 1.16-2ubuntu0.2 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. |
| CVE-2021-37750 | krb5 | 1.16-2ubuntu0.2 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
| CVE-2022-42898 | krb5 | 1.16-2ubuntu0.2 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." |
| CVE-2018-20217 | krb5 | 1.16-2ubuntu0.2 | A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request. |
| CVE-2019-9513 | nghttp2 | 1.30.0-1ubuntu1 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. |
| CVE-2019-9511 | nghttp2 | 1.30.0-1ubuntu1 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
| CVE-2016-1585 | apparmor | 2.12-4ubuntu5.1 | In all versions of AppArmor mount rules are accidentally widened when compiled. |
| CVE | Package | Version | Description |
|---|---|---|---|
| CVE-2020-13776 | systemd | 237-3ubuntu10.56 | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. |
| CVE-2018-14048 | libpng1.6 | 1.6.34-1ubuntu0.18.04.2 | An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. |
| CVE-2022-3857 | libpng1.6 | 1.6.34-1ubuntu0.18.04.2 | [Null pointer dereference leads to segmentation fault] |
| CVE-2016-10739 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. |
| CVE-2021-33574 | glibc | 2.27-3ubuntu1.6 | The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. |
| CVE-2016-2781 | coreutils | 8.28-1ubuntu1 | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
| CVE-2020-25697 | libx11 | 2:1.6.4-3ubuntu0.4 | A privilege escalation flaw was found due to lack of authentication for X11 clients. An attacker could use this flaw to take control of an X application by impersonating the server it is expecting to connect to. |
| CVE-2018-16868 | gnutls28 | 3.5.18-1ubuntu1.6 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
| CVE-2017-13716 | binutils | 2.30-21ubuntu1~18.04.8 | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). |
| CVE-2019-1010204 | binutils | 2.30-21ubuntu1~18.04.8 | GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. |
| CVE-2018-20673 | binutils | 2.30-21ubuntu1~18.04.8 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. |
| CVE-2021-46195 | binutils | 2.30-21ubuntu1~18.04.8 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. |
| CVE-2013-4235 | shadow | 1:4.5-1ubuntu2.5 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| CVE-2022-3219 | gnupg2 | 2.2.4-1ubuntu1.6 | gnupg: denial of service issue (resource consumption) using compressed packets |
| CVE-2018-10906 | fuse | 2.9.7-1ubuntu1 | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. |
| CVE-2021-23336 | python3.6 | 3.6.9-1~18.04ubuntu1.9 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. |
| CVE-2021-28861 | python3.6 | 3.6.9-1~18.04ubuntu1.9 | ** DISPUTED ** Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." |
| CVE | Package | Version | Description |
|---|---|---|---|
| CVE-2019-7309 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. |
| CVE-2018-20796 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
| CVE-2015-8985 | glibc | 2.27-3ubuntu1.6 | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. |
| CVE-2009-5155 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. |
| CVE-2016-20013 | glibc | 2.27-3ubuntu1.6 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. |
| CVE-2022-28321 | pam | 1.1.8-3.6ubuntu2.18.04.3 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a machine can still get access. NOTE: the relevance of this issue is largely limited to openSUSE Tumbleweed and openSUSE Factory; it does not affect Linux-PAM upstream. |
| CVE-2018-5709 | krb5 | 1.16-2ubuntu0.2 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. |
| CVE-2018-1000654 | libtasn1-6 | 4.13-2 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. |
| CVE-2018-20657 | binutils | 2.30-21ubuntu1~18.04.8 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. |
| CVE-2021-45078 | binutils | 2.30-21ubuntu1~18.04.8 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. |
| CVE-2017-11164 | pcre3 | 2:8.39-9ubuntu0.1 | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. |
| CVE-2018-6952 | patch | 2.7.6-2ubuntu1.1 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
| CVE-2021-45261 | patch | 2.7.6-2ubuntu1.1 | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. |
| CVE-2019-17594 | ncurses | 6.1-1ubuntu1.18.04 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
| CVE-2019-17595 | ncurses | 6.1-1ubuntu1.18.04 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
| CVE-2021-39537 | ncurses | 6.1-1ubuntu1.18.04 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. |
| CVE-2022-29458 | ncurses | 6.1-1ubuntu1.18.04 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |