trivy scan report: 216 total issues
brightdroid opened this issue · comments
Please update and introduce security scans for this image, currently trivy reports this:
ma1uta/ma1sd (alpine 3.9.4)
===========================
Total: 216 (UNKNOWN: 0, LOW: 106, MEDIUM: 79, HIGH: 27, CRITICAL: 4)
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| freetype | CVE-2020-15999 | MEDIUM | 2.9.1-r2 | 2.9.1-r3 | freetype: Heap-based buffer |
| | | | | | overflow due to integer |
| | | | | | truncation in Load_SBit_Png |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15999 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| krb5-libs | CVE-2020-28196 | HIGH | 1.15.5-r0 | 1.15.5-r1 | krb5: unbounded recursion via an |
| | | | | | ASN.1-encoded Kerberos message |
| | | | | | in lib/krb5/asn.1/asn1_encode.c |
| | | | | | may lead... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-28196 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libbz2 | CVE-2019-12900 | CRITICAL | 1.0.6-r6 | 1.0.6-r7 | bzip2: out-of-bounds write |
| | | | | | in function BZ2_decompress |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12900 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libcom_err | CVE-2019-5094 | MEDIUM | 1.44.5-r0 | 1.44.5-r1 | e2fsprogs: Crafted ext4 partition |
| | | | | | leads to out-of-bounds write |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5094 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-5188 | | | 1.44.5-r2 | e2fsprogs: Out-of-bounds |
| | | | | | write in e2fsck/rehash.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5188 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libcrypto1.1 | CVE-2020-1967 | HIGH | 1.1.1b-r1 | 1.1.1g-r0 | openssl: Segmentation |
| | | | | | fault in SSL_check_chain |
| | | | | | causes denial of service |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-23840 | | | 1.1.1j-r0 | openssl: integer |
| | | | | | overflow in CipherUpdate |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-3450 | | | 1.1.1k-r0 | openssl: CA certificate check |
| | | | | | bypass with X509_V_FLAG_X509_STRICT |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3450 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-1547 | MEDIUM | | 1.1.1d-r0 | openssl: side-channel weak |
| | | | | | encryption vulnerability |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1547 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-1549 | | | | openssl: information |
| | | | | | disclosure in fork() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1549 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-1551 | | | 1.1.1d-r2 | openssl: Integer overflow in RSAZ |
| | | | | | modular exponentiation on x86_64 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-1971 | | | 1.1.1i-r0 | openssl: EDIPARTYNAME |
| | | | | | NULL pointer de-reference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-23841 | | | 1.1.1j-r0 | openssl: NULL pointer dereference |
| | | | | | in X509_issuer_and_serial_hash() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-3449 | | | 1.1.1k-r0 | openssl: NULL pointer dereference |
| | | | | | in signature_algorithms processing |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3449 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-1563 | LOW | | 1.1.1d-r0 | openssl: information |
| | | | | | disclosure in PKCS7_dataDecode |
| | | | | | and CMS_decrypt_set1_pkey |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1563 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-23839 | | | 1.1.1j-r0 | openssl: incorrect SSLv2 |
| | | | | | rollback protection |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libjpeg-turbo | CVE-2019-2201 | HIGH | 1.5.3-r4 | 1.5.3-r6 | libjpeg-turbo: several integer |
| | | | | | overflows and subsequent |
| | | | | | segfaults when attempting to |
| | | | | | compress/decompress gigapixel... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2201 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2018-14498 | MEDIUM | | 1.5.3-r5 | libjpeg-turbo: heap-based buffer |
| | | | | | over-read via crafted 8-bit BMP |
| | | | | | in get_8bit_row in rdbmp.c... |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-14498 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libssl1.1 | CVE-2020-1967 | HIGH | 1.1.1b-r1 | 1.1.1g-r0 | openssl: Segmentation |
| | | | | | fault in SSL_check_chain |
| | | | | | causes denial of service |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-23840 | | | 1.1.1j-r0 | openssl: integer |
| | | | | | overflow in CipherUpdate |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-3450 | | | 1.1.1k-r0 | openssl: CA certificate check |
| | | | | | bypass with X509_V_FLAG_X509_STRICT |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3450 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-1547 | MEDIUM | | 1.1.1d-r0 | openssl: side-channel weak |
| | | | | | encryption vulnerability |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1547 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-1549 | | | | openssl: information |
| | | | | | disclosure in fork() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1549 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-1551 | | | 1.1.1d-r2 | openssl: Integer overflow in RSAZ |
| | | | | | modular exponentiation on x86_64 |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-1971 | | | 1.1.1i-r0 | openssl: EDIPARTYNAME |
| | | | | | NULL pointer de-reference |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-23841 | | | 1.1.1j-r0 | openssl: NULL pointer dereference |
| | | | | | in X509_issuer_and_serial_hash() |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-3449 | | | 1.1.1k-r0 | openssl: NULL pointer dereference |
| | | | | | in signature_algorithms processing |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3449 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-1563 | LOW | | 1.1.1d-r0 | openssl: information |
| | | | | | disclosure in PKCS7_dataDecode |
| | | | | | and CMS_decrypt_set1_pkey |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1563 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2021-23839 | | | 1.1.1j-r0 | openssl: incorrect SSLv2 |
| | | | | | rollback protection |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libtasn1 | CVE-2018-1000654 | MEDIUM | 4.13-r0 | 4.14-r0 | libtasn1: Infinite loop in |
| | | | | | _asn1_expand_object_id(ptree) |
| | | | | | leads to memory exhaustion |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| libx11 | CVE-2020-14363 | HIGH | 1.6.7-r0 | 1.6.12-r0 | libX11: integer overflow leads |
| | | | | | to double free in locale handling |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14363 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2020-14344 | MEDIUM | | 1.6.10-r0 | libX11: Heap overflow in |
| | | | | | the X input method client |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14344 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| musl | CVE-2019-14697 | CRITICAL | 1.1.20-r4 | 1.1.20-r5 | musl libc through 1.1.23 has |
| | | | | | an x87 floating-point stack |
| | | | | | adjustment imbalance, related... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14697 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2020-28928 | MEDIUM | | 1.1.20-r6 | In musl libc through 1.2.1, |
| | | | | | wcsnrtombs mishandles particular |
| | | | | | combinations of destination buffer... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 |
+-------------------+------------------+----------+ +---------------+------------------------------------------+
| musl-utils | CVE-2019-14697 | CRITICAL | | 1.1.20-r5 | musl libc through 1.1.23 has |
| | | | | | an x87 floating-point stack |
| | | | | | adjustment imbalance, related... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14697 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2020-28928 | MEDIUM | | 1.1.20-r6 | In musl libc through 1.2.1, |
| | | | | | wcsnrtombs mishandles particular |
| | | | | | combinations of destination buffer... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| openjdk8-jre | CVE-2020-14583 | HIGH | 8.212.04-r0 | 8.272.10-r0 | OpenJDK: Bypass of boundary checks |
| | | | | | in nio.Buffer via concurrent |
| | | | | | access (Libraries, 8238920)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14583 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14593 | | | | OpenJDK: Incomplete bounds checks in |
| | | | | | Affine Transformations (2D, 8240119) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14593 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2604 | | | 8.242.08-r0 | OpenJDK: Serialization filter |
| | | | | | changes via jdk.serialFilter |
| | | | | | property modification |
| | | | | | (Serialization, 8231422) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2604 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2803 | | | 8.252.09-r0 | OpenJDK: Incorrect bounds checks |
| | | | | | in NIO Buffers (Libraries, 8234841) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2803 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2805 | | | | OpenJDK: Incorrect type checks |
| | | | | | in MethodType.readObject() |
| | | | | | (Libraries, 8235274) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2805 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-2745 | MEDIUM | | 8.222.10-r0 | OpenJDK: Side-channel attack |
| | | | | | risks in Elliptic Curve (EC) |
| | | | | | cryptography (Security, 8208698) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2745 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2762 | | | | OpenJDK: Insufficient checks |
| | | | | | of suppressed exceptions in |
| | | | | | deserialization (Utilities, 8212328) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2762 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2769 | | | | OpenJDK: Unbounded memory |
| | | | | | allocation during deserialization |
| | | | | | in Collections (Utilities, 8213432) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2769 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2816 | | | | OpenJDK: Missing URL format |
| | | | | | validation (Networking, 8221518) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2816 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-2949 | | | 8.232.09-r0 | OpenJDK: Improper handling |
| | | | | | of Kerberos proxy credentials |
| | | | | | (Kerberos, 8220302) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2949 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2958 | | | | OpenJDK: Incorrect |
| | | | | | escaping of command line |
| | | | | | arguments in ProcessImpl |
| | | | | | on Windows (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2958 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2975 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | during regular expression processing |
| | | | | | in Nashorn (Scripting, 8223518)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2975 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2989 | | | | OpenJDK: Incorrect handling of HTTP |
| | | | | | proxy responses in HttpURLConnection |
| | | | | | (Networking, 8225298) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2989 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2999 | | | | OpenJDK: Insufficient filtering |
| | | | | | of HTML event attributes in |
| | | | | | Javadoc (Javadoc, 8226765) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2999 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-7317 | | | 8.222.10-r0 | libpng: use-after-free in |
| | | | | | png_image_free in png.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-7317 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-14556 | | | 8.272.10-r0 | OpenJDK: Incorrect handling |
| | | | | | of access control context in |
| | | | | | ForkJoinPool (Libraries, 8237117) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14556 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14621 | | | | OpenJDK: XML validation manipulation |
| | | | | | due to incomplete application of |
| | | | | | the use-grammar-pool-only feature... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14621 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14792 | | | | OpenJDK: Integer overflow |
| | | | | | leading to out-of-bounds |
| | | | | | access (Hotspot, 8241114) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14792 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14803 | | | | OpenJDK: Race condition in NIO Buffer |
| | | | | | boundary checks (Libraries, 8244136) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14803 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2593 | | | 8.242.08-r0 | OpenJDK: Incorrect |
| | | | | | isBuiltinStreamHandler check |
| | | | | | causing URL normalization |
| | | | | | issues (Networking, 8228548) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2593 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2601 | | | | OpenJDK: Use of unsafe |
| | | | | | RSA-MD5 checksum in Kerberos |
| | | | | | TGS (Security, 8229951) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2601 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2781 | | | 8.252.09-r0 | OpenJDK: Re-use of single |
| | | | | | TLS session for new |
| | | | | | connections (JSSE, 8234408) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2781 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2800 | | | | OpenJDK: CRLF injection into HTTP |
| | | | | | headers in HttpServer (Lightweight |
| | | | | | HTTP Server, 8234825)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2800 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2830 | | | | OpenJDK: Regular expression DoS |
| | | | | | in Scanner (Concurrency, 8236201) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2830 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-2766 | LOW | | 8.222.10-r0 | OpenJDK: Insufficient permission |
| | | | | | checks for file:// URLs on |
| | | | | | Windows (Networking, 8213431) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2766 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2786 | | | | OpenJDK: Insufficient |
| | | | | | restriction of privileges in |
| | | | | | AccessController (Security, 8216381) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2786 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2842 | | | | OpenJDK: Missing array bounds check |
| | | | | | in crypto providers (JCE, 8223511) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2842 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-2894 | | | 8.232.09-r0 | OpenJDK: Side-channel |
| | | | | | vulnerability in the ECDSA |
| | | | | | implementation (Security, 8228825) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2894 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2933 | | | | OpenJDK: FilePermission checks |
| | | | | | not preformed correctly on |
| | | | | | Windows (Libraries, 8213429) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2933 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2945 | | | | OpenJDK: Missing restrictions |
| | | | | | on use of custom SocketImpl |
| | | | | | (Networking, 8218573) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2945 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2962 | | | | OpenJDK: NULL pointer dereference |
| | | | | | in DrawGlyphList (2D, 8222690) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2962 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2964 | | | | OpenJDK: Unexpected exception |
| | | | | | thrown by Pattern processing |
| | | | | | crafted regular expression |
| | | | | | (Concurrency, 8222684)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2964 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2973 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | by XPathParser processing crafted |
| | | | | | XPath expression (JAXP, 8223505)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2973 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2978 | | | | OpenJDK: Incorrect handling |
| | | | | | of nested jar: URLs in Jar |
| | | | | | URL handler (Networking,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2978 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2981 | | | | OpenJDK: Unexpected exception |
| | | | | | thrown by XPath processing crafted |
| | | | | | XPath expression (JAXP, 8224532)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2981 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2983 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | during Font object deserialization |
| | | | | | (Serialization, 8224915) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2983 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2987 | | | | OpenJDK: Missing glyph bitmap |
| | | | | | image dimension check in |
| | | | | | FreetypeFontScaler (2D, 8225286) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2987 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2988 | | | | OpenJDK: Integer overflow in bounds |
| | | | | | check in SunGraphics2D (2D, 8225292) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2988 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2992 | | | | OpenJDK: Excessive memory |
| | | | | | allocation in CMap when reading |
| | | | | | TrueType font (2D, 8225597)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2992 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-14577 | | | 8.272.10-r0 | OpenJDK: HostnameChecker does |
| | | | | | not ensure X.509 certificate |
| | | | | | names are in normalized form... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14577 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14578 | | | | OpenJDK: Unexpected exception |
| | | | | | raised by DerInputStream |
| | | | | | (Libraries, 8237731) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14578 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14579 | | | | OpenJDK: Unexpected exception |
| | | | | | raised by DerValue.equals() |
| | | | | | (Libraries, 8237736) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14579 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14581 | | | | OpenJDK: Information disclosure |
| | | | | | in color management (2D, 8238002) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14581 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14779 | | | | OpenJDK: High memory usage |
| | | | | | during deserialization of Proxy |
| | | | | | class with many interfaces... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14779 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14781 | | | | OpenJDK: Credentials sent |
| | | | | | over unencrypted LDAP |
| | | | | | connection (JNDI, 8237990) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14781 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14782 | | | | OpenJDK: Certificate blacklist |
| | | | | | bypass via alternate certificate |
| | | | | | encodings (Libraries, 8237995) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14782 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14796 | | | | OpenJDK: Missing permission |
| | | | | | check in path to URI |
| | | | | | conversion (Libraries, 8242680) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14796 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14797 | | | | OpenJDK: Incomplete check for |
| | | | | | invalid characters in URI to |
| | | | | | path conversion (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14797 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14798 | | | | OpenJDK: Missing maximum length check in |
| | | | | | WindowsNativeDispatcher.asNativeBuffer() |
| | | | | | (Libraries, 8242695) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14798 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2583 | | | 8.242.08-r0 | OpenJDK: Incorrect exception |
| | | | | | processing during deserialization |
| | | | | | in BeanContextSupport |
| | | | | | (Serialization, 8224909) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2583 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2590 | | | | OpenJDK: Improper checks of |
| | | | | | SASL message properties in |
| | | | | | GssKrb5Base (Security, 8226352) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2590 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2654 | | | | OpenJDK: Excessive memory usage |
| | | | | | in OID processing in X.509 |
| | | | | | certificate parsing (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2654 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2659 | | | | OpenJDK: Incomplete enforcement |
| | | | | | of maxDatagramSockets limit |
| | | | | | in DatagramChannelImpl |
| | | | | | (Networking, 8231795) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2659 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2754 | | | 8.252.09-r0 | OpenJDK: Misplaced regular |
| | | | | | expression syntax error check in |
| | | | | | RegExpScanner (Scripting, 8223898) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2754 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2755 | | | | OpenJDK: Incorrect handling of |
| | | | | | empty string nodes in regular |
| | | | | | expression Parser (Scripting,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2755 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2756 | | | | OpenJDK: Incorrect handling |
| | | | | | of references to uninitialized |
| | | | | | class descriptors during |
| | | | | | deserialization (Serialization,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2756 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2757 | | | | OpenJDK: Uncaught InstantiationError |
| | | | | | exception in ObjectStreamClass |
| | | | | | (Serialization, 8224549) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2757 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2773 | | | | OpenJDK: Unexpected exceptions |
| | | | | | raised by DOMKeyInfoFactory |
| | | | | | and DOMXMLSignatureFactory |
| | | | | | (Security, 8231415) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2773 |
+-------------------+------------------+----------+ +---------------+------------------------------------------+
| openjdk8-jre-base | CVE-2020-14583 | HIGH | | 8.272.10-r0 | OpenJDK: Bypass of boundary checks |
| | | | | | in nio.Buffer via concurrent |
| | | | | | access (Libraries, 8238920)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14583 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14593 | | | | OpenJDK: Incomplete bounds checks in |
| | | | | | Affine Transformations (2D, 8240119) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14593 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2604 | | | 8.242.08-r0 | OpenJDK: Serialization filter |
| | | | | | changes via jdk.serialFilter |
| | | | | | property modification |
| | | | | | (Serialization, 8231422) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2604 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2803 | | | 8.252.09-r0 | OpenJDK: Incorrect bounds checks |
| | | | | | in NIO Buffers (Libraries, 8234841) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2803 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2805 | | | | OpenJDK: Incorrect type checks |
| | | | | | in MethodType.readObject() |
| | | | | | (Libraries, 8235274) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2805 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-2745 | MEDIUM | | 8.222.10-r0 | OpenJDK: Side-channel attack |
| | | | | | risks in Elliptic Curve (EC) |
| | | | | | cryptography (Security, 8208698) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2745 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2762 | | | | OpenJDK: Insufficient checks |
| | | | | | of suppressed exceptions in |
| | | | | | deserialization (Utilities, 8212328) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2762 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2769 | | | | OpenJDK: Unbounded memory |
| | | | | | allocation during deserialization |
| | | | | | in Collections (Utilities, 8213432) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2769 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2816 | | | | OpenJDK: Missing URL format |
| | | | | | validation (Networking, 8221518) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2816 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-2949 | | | 8.232.09-r0 | OpenJDK: Improper handling |
| | | | | | of Kerberos proxy credentials |
| | | | | | (Kerberos, 8220302) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2949 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2958 | | | | OpenJDK: Incorrect |
| | | | | | escaping of command line |
| | | | | | arguments in ProcessImpl |
| | | | | | on Windows (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2958 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2975 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | during regular expression processing |
| | | | | | in Nashorn (Scripting, 8223518)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2975 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2989 | | | | OpenJDK: Incorrect handling of HTTP |
| | | | | | proxy responses in HttpURLConnection |
| | | | | | (Networking, 8225298) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2989 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2999 | | | | OpenJDK: Insufficient filtering |
| | | | | | of HTML event attributes in |
| | | | | | Javadoc (Javadoc, 8226765) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2999 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-7317 | | | 8.222.10-r0 | libpng: use-after-free in |
| | | | | | png_image_free in png.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-7317 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-14556 | | | 8.272.10-r0 | OpenJDK: Incorrect handling |
| | | | | | of access control context in |
| | | | | | ForkJoinPool (Libraries, 8237117) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14556 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14621 | | | | OpenJDK: XML validation manipulation |
| | | | | | due to incomplete application of |
| | | | | | the use-grammar-pool-only feature... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14621 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14792 | | | | OpenJDK: Integer overflow |
| | | | | | leading to out-of-bounds |
| | | | | | access (Hotspot, 8241114) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14792 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14803 | | | | OpenJDK: Race condition in NIO Buffer |
| | | | | | boundary checks (Libraries, 8244136) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14803 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2593 | | | 8.242.08-r0 | OpenJDK: Incorrect |
| | | | | | isBuiltinStreamHandler check |
| | | | | | causing URL normalization |
| | | | | | issues (Networking, 8228548) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2593 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2601 | | | | OpenJDK: Use of unsafe |
| | | | | | RSA-MD5 checksum in Kerberos |
| | | | | | TGS (Security, 8229951) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2601 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2781 | | | 8.252.09-r0 | OpenJDK: Re-use of single |
| | | | | | TLS session for new |
| | | | | | connections (JSSE, 8234408) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2781 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2800 | | | | OpenJDK: CRLF injection into HTTP |
| | | | | | headers in HttpServer (Lightweight |
| | | | | | HTTP Server, 8234825)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2800 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2830 | | | | OpenJDK: Regular expression DoS |
| | | | | | in Scanner (Concurrency, 8236201) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2830 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-2766 | LOW | | 8.222.10-r0 | OpenJDK: Insufficient permission |
| | | | | | checks for file:// URLs on |
| | | | | | Windows (Networking, 8213431) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2766 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2786 | | | | OpenJDK: Insufficient |
| | | | | | restriction of privileges in |
| | | | | | AccessController (Security, 8216381) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2786 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2842 | | | | OpenJDK: Missing array bounds check |
| | | | | | in crypto providers (JCE, 8223511) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2842 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-2894 | | | 8.232.09-r0 | OpenJDK: Side-channel |
| | | | | | vulnerability in the ECDSA |
| | | | | | implementation (Security, 8228825) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2894 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2933 | | | | OpenJDK: FilePermission checks |
| | | | | | not preformed correctly on |
| | | | | | Windows (Libraries, 8213429) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2933 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2945 | | | | OpenJDK: Missing restrictions |
| | | | | | on use of custom SocketImpl |
| | | | | | (Networking, 8218573) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2945 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2962 | | | | OpenJDK: NULL pointer dereference |
| | | | | | in DrawGlyphList (2D, 8222690) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2962 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2964 | | | | OpenJDK: Unexpected exception |
| | | | | | thrown by Pattern processing |
| | | | | | crafted regular expression |
| | | | | | (Concurrency, 8222684)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2964 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2973 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | by XPathParser processing crafted |
| | | | | | XPath expression (JAXP, 8223505)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2973 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2978 | | | | OpenJDK: Incorrect handling |
| | | | | | of nested jar: URLs in Jar |
| | | | | | URL handler (Networking,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2978 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2981 | | | | OpenJDK: Unexpected exception |
| | | | | | thrown by XPath processing crafted |
| | | | | | XPath expression (JAXP, 8224532)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2981 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2983 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | during Font object deserialization |
| | | | | | (Serialization, 8224915) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2983 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2987 | | | | OpenJDK: Missing glyph bitmap |
| | | | | | image dimension check in |
| | | | | | FreetypeFontScaler (2D, 8225286) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2987 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2988 | | | | OpenJDK: Integer overflow in bounds |
| | | | | | check in SunGraphics2D (2D, 8225292) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2988 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2992 | | | | OpenJDK: Excessive memory |
| | | | | | allocation in CMap when reading |
| | | | | | TrueType font (2D, 8225597)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2992 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-14577 | | | 8.272.10-r0 | OpenJDK: HostnameChecker does |
| | | | | | not ensure X.509 certificate |
| | | | | | names are in normalized form... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14577 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14578 | | | | OpenJDK: Unexpected exception |
| | | | | | raised by DerInputStream |
| | | | | | (Libraries, 8237731) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14578 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14579 | | | | OpenJDK: Unexpected exception |
| | | | | | raised by DerValue.equals() |
| | | | | | (Libraries, 8237736) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14579 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14581 | | | | OpenJDK: Information disclosure |
| | | | | | in color management (2D, 8238002) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14581 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14779 | | | | OpenJDK: High memory usage |
| | | | | | during deserialization of Proxy |
| | | | | | class with many interfaces... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14779 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14781 | | | | OpenJDK: Credentials sent |
| | | | | | over unencrypted LDAP |
| | | | | | connection (JNDI, 8237990) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14781 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14782 | | | | OpenJDK: Certificate blacklist |
| | | | | | bypass via alternate certificate |
| | | | | | encodings (Libraries, 8237995) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14782 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14796 | | | | OpenJDK: Missing permission |
| | | | | | check in path to URI |
| | | | | | conversion (Libraries, 8242680) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14796 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14797 | | | | OpenJDK: Incomplete check for |
| | | | | | invalid characters in URI to |
| | | | | | path conversion (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14797 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14798 | | | | OpenJDK: Missing maximum length check in |
| | | | | | WindowsNativeDispatcher.asNativeBuffer() |
| | | | | | (Libraries, 8242695) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14798 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2583 | | | 8.242.08-r0 | OpenJDK: Incorrect exception |
| | | | | | processing during deserialization |
| | | | | | in BeanContextSupport |
| | | | | | (Serialization, 8224909) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2583 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2590 | | | | OpenJDK: Improper checks of |
| | | | | | SASL message properties in |
| | | | | | GssKrb5Base (Security, 8226352) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2590 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2654 | | | | OpenJDK: Excessive memory usage |
| | | | | | in OID processing in X.509 |
| | | | | | certificate parsing (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2654 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2659 | | | | OpenJDK: Incomplete enforcement |
| | | | | | of maxDatagramSockets limit |
| | | | | | in DatagramChannelImpl |
| | | | | | (Networking, 8231795) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2659 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2754 | | | 8.252.09-r0 | OpenJDK: Misplaced regular |
| | | | | | expression syntax error check in |
| | | | | | RegExpScanner (Scripting, 8223898) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2754 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2755 | | | | OpenJDK: Incorrect handling of |
| | | | | | empty string nodes in regular |
| | | | | | expression Parser (Scripting,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2755 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2756 | | | | OpenJDK: Incorrect handling |
| | | | | | of references to uninitialized |
| | | | | | class descriptors during |
| | | | | | deserialization (Serialization,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2756 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2757 | | | | OpenJDK: Uncaught InstantiationError |
| | | | | | exception in ObjectStreamClass |
| | | | | | (Serialization, 8224549) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2757 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2773 | | | | OpenJDK: Unexpected exceptions |
| | | | | | raised by DOMKeyInfoFactory |
| | | | | | and DOMXMLSignatureFactory |
| | | | | | (Security, 8231415) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2773 |
+-------------------+------------------+----------+ +---------------+------------------------------------------+
| openjdk8-jre-lib | CVE-2020-14583 | HIGH | | 8.272.10-r0 | OpenJDK: Bypass of boundary checks |
| | | | | | in nio.Buffer via concurrent |
| | | | | | access (Libraries, 8238920)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14583 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14593 | | | | OpenJDK: Incomplete bounds checks in |
| | | | | | Affine Transformations (2D, 8240119) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14593 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2604 | | | 8.242.08-r0 | OpenJDK: Serialization filter |
| | | | | | changes via jdk.serialFilter |
| | | | | | property modification |
| | | | | | (Serialization, 8231422) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2604 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2803 | | | 8.252.09-r0 | OpenJDK: Incorrect bounds checks |
| | | | | | in NIO Buffers (Libraries, 8234841) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2803 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2805 | | | | OpenJDK: Incorrect type checks |
| | | | | | in MethodType.readObject() |
| | | | | | (Libraries, 8235274) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2805 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-2745 | MEDIUM | | 8.222.10-r0 | OpenJDK: Side-channel attack |
| | | | | | risks in Elliptic Curve (EC) |
| | | | | | cryptography (Security, 8208698) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2745 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2762 | | | | OpenJDK: Insufficient checks |
| | | | | | of suppressed exceptions in |
| | | | | | deserialization (Utilities, 8212328) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2762 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2769 | | | | OpenJDK: Unbounded memory |
| | | | | | allocation during deserialization |
| | | | | | in Collections (Utilities, 8213432) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2769 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2816 | | | | OpenJDK: Missing URL format |
| | | | | | validation (Networking, 8221518) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2816 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-2949 | | | 8.232.09-r0 | OpenJDK: Improper handling |
| | | | | | of Kerberos proxy credentials |
| | | | | | (Kerberos, 8220302) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2949 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2958 | | | | OpenJDK: Incorrect |
| | | | | | escaping of command line |
| | | | | | arguments in ProcessImpl |
| | | | | | on Windows (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2958 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2975 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | during regular expression processing |
| | | | | | in Nashorn (Scripting, 8223518)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2975 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2989 | | | | OpenJDK: Incorrect handling of HTTP |
| | | | | | proxy responses in HttpURLConnection |
| | | | | | (Networking, 8225298) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2989 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2999 | | | | OpenJDK: Insufficient filtering |
| | | | | | of HTML event attributes in |
| | | | | | Javadoc (Javadoc, 8226765) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2999 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-7317 | | | 8.222.10-r0 | libpng: use-after-free in |
| | | | | | png_image_free in png.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-7317 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-14556 | | | 8.272.10-r0 | OpenJDK: Incorrect handling |
| | | | | | of access control context in |
| | | | | | ForkJoinPool (Libraries, 8237117) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14556 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14621 | | | | OpenJDK: XML validation manipulation |
| | | | | | due to incomplete application of |
| | | | | | the use-grammar-pool-only feature... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14621 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14792 | | | | OpenJDK: Integer overflow |
| | | | | | leading to out-of-bounds |
| | | | | | access (Hotspot, 8241114) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14792 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14803 | | | | OpenJDK: Race condition in NIO Buffer |
| | | | | | boundary checks (Libraries, 8244136) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14803 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2593 | | | 8.242.08-r0 | OpenJDK: Incorrect |
| | | | | | isBuiltinStreamHandler check |
| | | | | | causing URL normalization |
| | | | | | issues (Networking, 8228548) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2593 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2601 | | | | OpenJDK: Use of unsafe |
| | | | | | RSA-MD5 checksum in Kerberos |
| | | | | | TGS (Security, 8229951) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2601 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2781 | | | 8.252.09-r0 | OpenJDK: Re-use of single |
| | | | | | TLS session for new |
| | | | | | connections (JSSE, 8234408) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2781 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2800 | | | | OpenJDK: CRLF injection into HTTP |
| | | | | | headers in HttpServer (Lightweight |
| | | | | | HTTP Server, 8234825)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2800 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2830 | | | | OpenJDK: Regular expression DoS |
| | | | | | in Scanner (Concurrency, 8236201) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2830 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-2766 | LOW | | 8.222.10-r0 | OpenJDK: Insufficient permission |
| | | | | | checks for file:// URLs on |
| | | | | | Windows (Networking, 8213431) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2766 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2786 | | | | OpenJDK: Insufficient |
| | | | | | restriction of privileges in |
| | | | | | AccessController (Security, 8216381) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2786 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2842 | | | | OpenJDK: Missing array bounds check |
| | | | | | in crypto providers (JCE, 8223511) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2842 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-2894 | | | 8.232.09-r0 | OpenJDK: Side-channel |
| | | | | | vulnerability in the ECDSA |
| | | | | | implementation (Security, 8228825) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2894 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2933 | | | | OpenJDK: FilePermission checks |
| | | | | | not preformed correctly on |
| | | | | | Windows (Libraries, 8213429) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2933 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2945 | | | | OpenJDK: Missing restrictions |
| | | | | | on use of custom SocketImpl |
| | | | | | (Networking, 8218573) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2945 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2962 | | | | OpenJDK: NULL pointer dereference |
| | | | | | in DrawGlyphList (2D, 8222690) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2962 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2964 | | | | OpenJDK: Unexpected exception |
| | | | | | thrown by Pattern processing |
| | | | | | crafted regular expression |
| | | | | | (Concurrency, 8222684)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2964 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2973 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | by XPathParser processing crafted |
| | | | | | XPath expression (JAXP, 8223505)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2973 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2978 | | | | OpenJDK: Incorrect handling |
| | | | | | of nested jar: URLs in Jar |
| | | | | | URL handler (Networking,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2978 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2981 | | | | OpenJDK: Unexpected exception |
| | | | | | thrown by XPath processing crafted |
| | | | | | XPath expression (JAXP, 8224532)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2981 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2983 | | | | OpenJDK: Unexpected exception thrown |
| | | | | | during Font object deserialization |
| | | | | | (Serialization, 8224915) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2983 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2987 | | | | OpenJDK: Missing glyph bitmap |
| | | | | | image dimension check in |
| | | | | | FreetypeFontScaler (2D, 8225286) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2987 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2988 | | | | OpenJDK: Integer overflow in bounds |
| | | | | | check in SunGraphics2D (2D, 8225292) |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2988 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2019-2992 | | | | OpenJDK: Excessive memory |
| | | | | | allocation in CMap when reading |
| | | | | | TrueType font (2D, 8225597)... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-2992 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-14577 | | | 8.272.10-r0 | OpenJDK: HostnameChecker does |
| | | | | | not ensure X.509 certificate |
| | | | | | names are in normalized form... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14577 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14578 | | | | OpenJDK: Unexpected exception |
| | | | | | raised by DerInputStream |
| | | | | | (Libraries, 8237731) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14578 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14579 | | | | OpenJDK: Unexpected exception |
| | | | | | raised by DerValue.equals() |
| | | | | | (Libraries, 8237736) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14579 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14581 | | | | OpenJDK: Information disclosure |
| | | | | | in color management (2D, 8238002) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14581 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14779 | | | | OpenJDK: High memory usage |
| | | | | | during deserialization of Proxy |
| | | | | | class with many interfaces... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14779 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14781 | | | | OpenJDK: Credentials sent |
| | | | | | over unencrypted LDAP |
| | | | | | connection (JNDI, 8237990) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14781 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14782 | | | | OpenJDK: Certificate blacklist |
| | | | | | bypass via alternate certificate |
| | | | | | encodings (Libraries, 8237995) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14782 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14796 | | | | OpenJDK: Missing permission |
| | | | | | check in path to URI |
| | | | | | conversion (Libraries, 8242680) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14796 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14797 | | | | OpenJDK: Incomplete check for |
| | | | | | invalid characters in URI to |
| | | | | | path conversion (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14797 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-14798 | | | | OpenJDK: Missing maximum length check in |
| | | | | | WindowsNativeDispatcher.asNativeBuffer() |
| | | | | | (Libraries, 8242695) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14798 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2583 | | | 8.242.08-r0 | OpenJDK: Incorrect exception |
| | | | | | processing during deserialization |
| | | | | | in BeanContextSupport |
| | | | | | (Serialization, 8224909) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2583 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2590 | | | | OpenJDK: Improper checks of |
| | | | | | SASL message properties in |
| | | | | | GssKrb5Base (Security, 8226352) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2590 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2654 | | | | OpenJDK: Excessive memory usage |
| | | | | | in OID processing in X.509 |
| | | | | | certificate parsing (Libraries,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2654 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2659 | | | | OpenJDK: Incomplete enforcement |
| | | | | | of maxDatagramSockets limit |
| | | | | | in DatagramChannelImpl |
| | | | | | (Networking, 8231795) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2659 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-2754 | | | 8.252.09-r0 | OpenJDK: Misplaced regular |
| | | | | | expression syntax error check in |
| | | | | | RegExpScanner (Scripting, 8223898) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2754 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2755 | | | | OpenJDK: Incorrect handling of |
| | | | | | empty string nodes in regular |
| | | | | | expression Parser (Scripting,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2755 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2756 | | | | OpenJDK: Incorrect handling |
| | | | | | of references to uninitialized |
| | | | | | class descriptors during |
| | | | | | deserialization (Serialization,... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2756 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2757 | | | | OpenJDK: Uncaught InstantiationError |
| | | | | | exception in ObjectStreamClass |
| | | | | | (Serialization, 8224549) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2757 |
+ +------------------+ + + +------------------------------------------+
| | CVE-2020-2773 | | | | OpenJDK: Unexpected exceptions |
| | | | | | raised by DOMKeyInfoFactory |
| | | | | | and DOMXMLSignatureFactory |
| | | | | | (Security, 8231415) |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-2773 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
| sqlite-libs | CVE-2019-8457 | CRITICAL | 3.26.0-r3 | 3.28.0-r0 | sqlite: heap out-of-bound |
| | | | | | read in function rtreenode() |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-8457 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-19244 | HIGH | | 3.28.0-r2 | sqlite: allows a crash |
| | | | | | if a sub-select uses both |
| | | | | | DISTINCT and window... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-5018 | | | 3.28.0-r0 | sqlite: Use-after-free in |
| | | | | | window function leading |
| | | | | | to remote code execution |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-5018 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2020-11655 | | | 3.28.0-r3 | sqlite: malformed window-function |
| | | | | | query leads to DoS |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11655 |
+ +------------------+----------+ +---------------+------------------------------------------+
| | CVE-2019-16168 | MEDIUM | | 3.28.0-r1 | sqlite: Division by zero in |
| | | | | | whereLoopAddBtreeIndex in sqlite3.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-16168 |
+ +------------------+ + +---------------+------------------------------------------+
| | CVE-2019-19242 | | | 3.28.0-r2 | sqlite: SQL injection in |
| | | | | | sqlite3ExprCodeTarget in expr.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19242 |
+-------------------+------------------+----------+-------------------+---------------+------------------------------------------+
Java (jar)
==========
Total: 59 (UNKNOWN: 0, LOW: 1, MEDIUM: 7, HIGH: 37, CRITICAL: 14)
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| com.fasterxml.jackson.core:jackson-databind | CVE-2019-14379 | CRITICAL | 2.9.9.1 | 2.7.9.6, 2.8.11.4, 2.9.9.2 | jackson-databind: default |
| | | | | | typing mishandling leading |
| | | | | | to remote code execution |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14379 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-14540 | | | 2.9.10 | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | com.zaxxer.hikari.HikariConfig |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14540 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2019-16335 | | | | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | com.zaxxer.hikari.HikariDataSource |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-16335 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-16942 | | | 2.9.10.1 | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | org.apache.commons.dbcp.datasources.* |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-16942 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2019-16943 | | | | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | com.p6spy.engine.spy.P6DataSource |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-16943 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-17267 | | | 2.9.10 | jackson-databind: Serialization |
| | | | | | gadgets in classes of |
| | | | | | the ehcache package |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17267 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-17531 | | | 2.9.10.1 | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | org.apache.log4j.receivers.db.* |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17531 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-20330 | | | 2.9.10.2, 2.8.11.5 | jackson-databind: lacks |
| | | | | | certain net.sf.ehcache blocking |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20330 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-24750 | | | 2.9.10.6 | jackson-databind: Serialization gadgets in |
| | | | | | com.pastdev.httpcomponents.configuration.JndiConfiguration |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-24750 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-8840 | | | 2.7.9.7, 2.8.11.5, 2.9.10.3 | jackson-databind: Lacks certain |
| | | | | | xbean-reflect/JNDI blocking |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-8840 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-9546 | | | 2.7.9.7, 2.8.11.6, 2.9.10.4 | jackson-databind: Serialization |
| | | | | | gadgets in shaded-hikari-config |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9546 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-9547 | | | | jackson-databind: Serialization |
| | | | | | gadgets in ibatis-sqlmap |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9547 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-9548 | | | | jackson-databind: Serialization |
| | | | | | gadgets in anteros-core |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-9548 |
+ +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-14439 | HIGH | | 2.7.9.6, 2.8.11.4, 2.9.9.2 | jackson-databind: Polymorphic |
| | | | | | typing issue related to logback/JNDI |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14439 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-14892 | | | 2.6.7.3, 2.8.11.5, 2.9.10 | jackson-databind: Serialization |
| | | | | | gadgets in classes of the |
| | | | | | commons-configuration package |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14892 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-14893 | | | 2.8.11.5, 2.9.10 | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | classes of the xalan package |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14893 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-10672 | | | 2.9.10.4 | jackson-databind: mishandles |
| | | | | | the interaction between |
| | | | | | serialization gadgets and |
| | | | | | typing which could result... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10672 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-10968 | | | | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | org.aoju.bus.proxy.provider.*.RmiProvider |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10968 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-10969 | | | 2.7.9.7, 2.8.11.6, 2.9.10.4 | jackson-databind: Serialization |
| | | | | | gadgets in javax.swing.JEditorPane |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10969 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-11111 | | | 2.9.10.4 | jackson-databind: Serialization gadgets in |
| | | | | | org.apache.activemq.jms.pool.XaPooledConnectionFactory |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11111 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-11112 | | | | jackson-databind: Serialization gadgets in |
| | | | | | org.apache.commons.proxy.provider.remoting.RmiProvider |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11112 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-11113 | | | | jackson-databind: Serialization gadgets in |
| | | | | | org.apache.openjpa.ee.WASRegistryManagedRuntime |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11113 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-11619 | | | | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | org.springframework:spring-aop |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11619 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-11620 | | | | jackson-databind: |
| | | | | | Serialization gadgets in |
| | | | | | commons-jelly:commons-jelly |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11620 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-14060 | | | 2.9.10.5 | jackson-databind: serialization in |
| | | | | | oadd.org.apache.xalan.lib.sql.JNDIConnectionPool |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14060 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-14061 | | | | jackson-databind: serialization |
| | | | | | in weblogic/oracle-aqjms |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14061 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-14062 | | | | jackson-databind: serialization in |
| | | | | | com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14062 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-14195 | | | | jackson-databind: serialization in |
| | | | | | org.jsecurity.realm.jndi.JndiRealmFactory |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14195 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-24616 | | | 2.9.10.6 | jackson-databind: mishandles the |
| | | | | | interaction between serialization |
| | | | | | gadgets and typing, related to |
| | | | | | br.com.anteros.dbcp.AnterosDBCPDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-24616 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-25649 | | | 2.6.7.4, 2.9.10.7, 2.10.5.1 | jackson-databind: FasterXML |
| | | | | | DOMDeserializer insecure |
| | | | | | entity expansion is vulnerable |
| | | | | | to XML external entity... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-25649 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-35490 | | | 2.9.10.8 | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.commons.dbcp2.datasources.PerUserPoolDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-35490 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-35491 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.commons.dbcp2.datasources.SharedPoolDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-35491 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-35728 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-35728 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36179 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36179 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36180 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36180 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36181 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36181 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36182 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36182 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36183 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36183 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36184 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36184 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36185 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36185 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36186 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36186 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36187 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36187 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36188 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36188 |
+ +------------------+ + + +---------------------------------------------------------------------------------+
| | CVE-2020-36189 | | | | jackson-databind: mishandles the interaction |
| | | | | | between serialization gadgets and typing, related to |
| | | | | | com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-36189 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2021-20190 | | | 2.9.10.7 | jackson-databind: mishandles |
| | | | | | the interaction between |
| | | | | | serialization gadgets and |
| | | | | | typing, related to javax.swing... |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20190 |
+ +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-10673 | MEDIUM | | 2.6.7.4, 2.9.10.4 | jackson-databind: mishandles |
| | | | | | the interaction between |
| | | | | | serialization gadgets and |
| | | | | | typing which could result... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10673 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| com.google.guava:guava | CVE-2020-8908 | LOW | 28.0-android | 30.0 | guava: local information |
| | | | | | disclosure via temporary directory |
| | | | | | created with unsafe permissions |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-8908 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| com.google.protobuf:protobuf-java | CVE-2021-22569 | HIGH | 3.3.0 | 3.19.2, 3.18.2, 3.16.1 | protobuf-java: potential DoS in the |
| | | | | | parsing procedure for binary data |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22569 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| commons-io:commons-io | CVE-2021-29425 | MEDIUM | 2.6 | 2.7 | apache-commons-io: Limited |
| | | | | | path traversal in Apache |
| | | | | | Commons IO 2.2 to 2.6 |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-29425 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| io.undertow:undertow-core | CVE-2020-1745 | CRITICAL | 2.0.27.Final | 2.0.30.Final | undertow: AJP File |
| | | | | | Read/Inclusion Vulnerability |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1745 |
+ +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2019-14888 | HIGH | | 2.0.29.Final | undertow: possible Denial |
| | | | | | Of Service (DOS) in Undertow |
| | | | | | HTTP server listening on... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14888 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-10705 | | | 2.1.1.Final | undertow: Memory exhaustion |
| | | | | | issue in HttpReadListener via |
| | | | | | "Expect: 100-continue" header |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10705 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-1757 | | | 2.1.0.Final | undertow: servletPath is normalized |
| | | | | | incorrectly leading to dangerous |
| | | | | | application mapping which could... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1757 |
+ +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-10687 | MEDIUM | | 2.2.0.Final | Undertow: Incomplete fix for |
| | | | | | CVE-2017-2666 due to permitting |
| | | | | | invalid characters in HTTP... |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10687 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2020-10719 | | | 2.1.1.Final | undertow: invalid HTTP |
| | | | | | request with large chunk size |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10719 |
+ +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+
| | CVE-2021-20220 | | | 2.0.34.Final, 2.1.6.Final | undertow: Possible regression |
| | | | | | in fix for CVE-2020-10687 |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20220 |
+---------------------------------------------+------------------+ +-------------------+-----------------------------+---------------------------------------------------------------------------------+
| org.apache.httpcomponents:httpclient | CVE-2020-13956 | | 4.5.10 | 4.5.13 | apache-httpclient: incorrect |
| | | | | | handling of malformed authority |
| | | | | | component in request URIs |
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13956 |
+---------------------------------------------+------------------+ +-------------------+-----------------------------+---------------------------------------------------------------------------------+
| org.apache.mina:mina-core | CVE-2021-41973 | | 2.0.21 | 2.1.5 | mina-core: infinite |
| | | | | | loop may lead to DoS |
| | | | | | -->avd.aquasec.com/nvd/cve-2021-41973 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
| org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.25 | 1.26 | snakeyaml: Billion laughs |
| | | | | | attack via alias feature |
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18640 |
+---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
Oh sorry didn't saw this.