We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please update and introduce security scans for this image, currently trivy reports this:
ma1uta/ma1sd (alpine 3.9.4) =========================== Total: 216 (UNKNOWN: 0, LOW: 106, MEDIUM: 79, HIGH: 27, CRITICAL: 4) +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | freetype | CVE-2020-15999 | MEDIUM | 2.9.1-r2 | 2.9.1-r3 | freetype: Heap-based buffer | | | | | | | overflow due to integer | | | | | | | truncation in Load_SBit_Png | | | | | | | -->avd.aquasec.com/nvd/cve-2020-15999 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | krb5-libs | CVE-2020-28196 | HIGH | 1.15.5-r0 | 1.15.5-r1 | krb5: unbounded recursion via an | | | | | | | ASN.1-encoded Kerberos message | | | | | | | in lib/krb5/asn.1/asn1_encode.c | | | | | | | may lead... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-28196 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libbz2 | CVE-2019-12900 | CRITICAL | 1.0.6-r6 | 1.0.6-r7 | bzip2: out-of-bounds write | | | | | | | in function BZ2_decompress | | | | | | | -->avd.aquasec.com/nvd/cve-2019-12900 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libcom_err | CVE-2019-5094 | MEDIUM | 1.44.5-r0 | 1.44.5-r1 | e2fsprogs: Crafted ext4 partition | | | | | | | leads to out-of-bounds write | | | | | | | -->avd.aquasec.com/nvd/cve-2019-5094 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-5188 | | | 1.44.5-r2 | e2fsprogs: Out-of-bounds | | | | | | | write in e2fsck/rehash.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-5188 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libcrypto1.1 | CVE-2020-1967 | HIGH | 1.1.1b-r1 | 1.1.1g-r0 | openssl: Segmentation | | | | | | | fault in SSL_check_chain | | | | | | | causes denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-23840 | | | 1.1.1j-r0 | openssl: integer | | | | | | | overflow in CipherUpdate | | | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-3450 | | | 1.1.1k-r0 | openssl: CA certificate check | | | | | | | bypass with X509_V_FLAG_X509_STRICT | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3450 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-1547 | MEDIUM | | 1.1.1d-r0 | openssl: side-channel weak | | | | | | | encryption vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1547 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-1549 | | | | openssl: information | | | | | | | disclosure in fork() | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1549 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-1551 | | | 1.1.1d-r2 | openssl: Integer overflow in RSAZ | | | | | | | modular exponentiation on x86_64 | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-1971 | | | 1.1.1i-r0 | openssl: EDIPARTYNAME | | | | | | | NULL pointer de-reference | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-23841 | | | 1.1.1j-r0 | openssl: NULL pointer dereference | | | | | | | in X509_issuer_and_serial_hash() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-3449 | | | 1.1.1k-r0 | openssl: NULL pointer dereference | | | | | | | in signature_algorithms processing | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3449 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-1563 | LOW | | 1.1.1d-r0 | openssl: information | | | | | | | disclosure in PKCS7_dataDecode | | | | | | | and CMS_decrypt_set1_pkey | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1563 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-23839 | | | 1.1.1j-r0 | openssl: incorrect SSLv2 | | | | | | | rollback protection | | | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libjpeg-turbo | CVE-2019-2201 | HIGH | 1.5.3-r4 | 1.5.3-r6 | libjpeg-turbo: several integer | | | | | | | overflows and subsequent | | | | | | | segfaults when attempting to | | | | | | | compress/decompress gigapixel... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2201 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2018-14498 | MEDIUM | | 1.5.3-r5 | libjpeg-turbo: heap-based buffer | | | | | | | over-read via crafted 8-bit BMP | | | | | | | in get_8bit_row in rdbmp.c... | | | | | | | -->avd.aquasec.com/nvd/cve-2018-14498 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libssl1.1 | CVE-2020-1967 | HIGH | 1.1.1b-r1 | 1.1.1g-r0 | openssl: Segmentation | | | | | | | fault in SSL_check_chain | | | | | | | causes denial of service | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1967 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-23840 | | | 1.1.1j-r0 | openssl: integer | | | | | | | overflow in CipherUpdate | | | | | | | -->avd.aquasec.com/nvd/cve-2021-23840 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-3450 | | | 1.1.1k-r0 | openssl: CA certificate check | | | | | | | bypass with X509_V_FLAG_X509_STRICT | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3450 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-1547 | MEDIUM | | 1.1.1d-r0 | openssl: side-channel weak | | | | | | | encryption vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1547 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-1549 | | | | openssl: information | | | | | | | disclosure in fork() | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1549 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-1551 | | | 1.1.1d-r2 | openssl: Integer overflow in RSAZ | | | | | | | modular exponentiation on x86_64 | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1551 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-1971 | | | 1.1.1i-r0 | openssl: EDIPARTYNAME | | | | | | | NULL pointer de-reference | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1971 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-23841 | | | 1.1.1j-r0 | openssl: NULL pointer dereference | | | | | | | in X509_issuer_and_serial_hash() | | | | | | | -->avd.aquasec.com/nvd/cve-2021-23841 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-3449 | | | 1.1.1k-r0 | openssl: NULL pointer dereference | | | | | | | in signature_algorithms processing | | | | | | | -->avd.aquasec.com/nvd/cve-2021-3449 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-1563 | LOW | | 1.1.1d-r0 | openssl: information | | | | | | | disclosure in PKCS7_dataDecode | | | | | | | and CMS_decrypt_set1_pkey | | | | | | | -->avd.aquasec.com/nvd/cve-2019-1563 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2021-23839 | | | 1.1.1j-r0 | openssl: incorrect SSLv2 | | | | | | | rollback protection | | | | | | | -->avd.aquasec.com/nvd/cve-2021-23839 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libtasn1 | CVE-2018-1000654 | MEDIUM | 4.13-r0 | 4.14-r0 | libtasn1: Infinite loop in | | | | | | | _asn1_expand_object_id(ptree) | | | | | | | leads to memory exhaustion | | | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | libx11 | CVE-2020-14363 | HIGH | 1.6.7-r0 | 1.6.12-r0 | libX11: integer overflow leads | | | | | | | to double free in locale handling | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14363 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2020-14344 | MEDIUM | | 1.6.10-r0 | libX11: Heap overflow in | | | | | | | the X input method client | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14344 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | musl | CVE-2019-14697 | CRITICAL | 1.1.20-r4 | 1.1.20-r5 | musl libc through 1.1.23 has | | | | | | | an x87 floating-point stack | | | | | | | adjustment imbalance, related... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14697 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2020-28928 | MEDIUM | | 1.1.20-r6 | In musl libc through 1.2.1, | | | | | | | wcsnrtombs mishandles particular | | | | | | | combinations of destination buffer... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 | +-------------------+------------------+----------+ +---------------+------------------------------------------+ | musl-utils | CVE-2019-14697 | CRITICAL | | 1.1.20-r5 | musl libc through 1.1.23 has | | | | | | | an x87 floating-point stack | | | | | | | adjustment imbalance, related... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14697 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2020-28928 | MEDIUM | | 1.1.20-r6 | In musl libc through 1.2.1, | | | | | | | wcsnrtombs mishandles particular | | | | | | | combinations of destination buffer... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-28928 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | openjdk8-jre | CVE-2020-14583 | HIGH | 8.212.04-r0 | 8.272.10-r0 | OpenJDK: Bypass of boundary checks | | | | | | | in nio.Buffer via concurrent | | | | | | | access (Libraries, 8238920)... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14583 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14593 | | | | OpenJDK: Incomplete bounds checks in | | | | | | | Affine Transformations (2D, 8240119) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14593 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2604 | | | 8.242.08-r0 | OpenJDK: Serialization filter | | | | | | | changes via jdk.serialFilter | | | | | | | property modification | | | | | | | (Serialization, 8231422) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2604 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2803 | | | 8.252.09-r0 | OpenJDK: Incorrect bounds checks | | | | | | | in NIO Buffers (Libraries, 8234841) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2803 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2805 | | | | OpenJDK: Incorrect type checks | | | | | | | in MethodType.readObject() | | | | | | | (Libraries, 8235274) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2805 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-2745 | MEDIUM | | 8.222.10-r0 | OpenJDK: Side-channel attack | | | | | | | risks in Elliptic Curve (EC) | | | | | | | cryptography (Security, 8208698) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2745 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2762 | | | | OpenJDK: Insufficient checks | | | | | | | of suppressed exceptions in | | | | | | | deserialization (Utilities, 8212328) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2762 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2769 | | | | OpenJDK: Unbounded memory | | | | | | | allocation during deserialization | | | | | | | in Collections (Utilities, 8213432) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2769 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2816 | | | | OpenJDK: Missing URL format | | | | | | | validation (Networking, 8221518) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2816 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-2949 | | | 8.232.09-r0 | OpenJDK: Improper handling | | | | | | | of Kerberos proxy credentials | | | | | | | (Kerberos, 8220302) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2949 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2958 | | | | OpenJDK: Incorrect | | | | | | | escaping of command line | | | | | | | arguments in ProcessImpl | | | | | | | on Windows (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2958 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2975 | | | | OpenJDK: Unexpected exception thrown | | | | | | | during regular expression processing | | | | | | | in Nashorn (Scripting, 8223518)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2975 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2989 | | | | OpenJDK: Incorrect handling of HTTP | | | | | | | proxy responses in HttpURLConnection | | | | | | | (Networking, 8225298) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2989 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2999 | | | | OpenJDK: Insufficient filtering | | | | | | | of HTML event attributes in | | | | | | | Javadoc (Javadoc, 8226765) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2999 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-7317 | | | 8.222.10-r0 | libpng: use-after-free in | | | | | | | png_image_free in png.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-7317 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-14556 | | | 8.272.10-r0 | OpenJDK: Incorrect handling | | | | | | | of access control context in | | | | | | | ForkJoinPool (Libraries, 8237117) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14556 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14621 | | | | OpenJDK: XML validation manipulation | | | | | | | due to incomplete application of | | | | | | | the use-grammar-pool-only feature... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14621 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14792 | | | | OpenJDK: Integer overflow | | | | | | | leading to out-of-bounds | | | | | | | access (Hotspot, 8241114) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14792 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14803 | | | | OpenJDK: Race condition in NIO Buffer | | | | | | | boundary checks (Libraries, 8244136) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14803 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2593 | | | 8.242.08-r0 | OpenJDK: Incorrect | | | | | | | isBuiltinStreamHandler check | | | | | | | causing URL normalization | | | | | | | issues (Networking, 8228548) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2593 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2601 | | | | OpenJDK: Use of unsafe | | | | | | | RSA-MD5 checksum in Kerberos | | | | | | | TGS (Security, 8229951) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2601 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2781 | | | 8.252.09-r0 | OpenJDK: Re-use of single | | | | | | | TLS session for new | | | | | | | connections (JSSE, 8234408) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2781 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2800 | | | | OpenJDK: CRLF injection into HTTP | | | | | | | headers in HttpServer (Lightweight | | | | | | | HTTP Server, 8234825)... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2800 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2830 | | | | OpenJDK: Regular expression DoS | | | | | | | in Scanner (Concurrency, 8236201) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2830 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-2766 | LOW | | 8.222.10-r0 | OpenJDK: Insufficient permission | | | | | | | checks for file:// URLs on | | | | | | | Windows (Networking, 8213431) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2766 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2786 | | | | OpenJDK: Insufficient | | | | | | | restriction of privileges in | | | | | | | AccessController (Security, 8216381) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2786 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2842 | | | | OpenJDK: Missing array bounds check | | | | | | | in crypto providers (JCE, 8223511) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2842 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-2894 | | | 8.232.09-r0 | OpenJDK: Side-channel | | | | | | | vulnerability in the ECDSA | | | | | | | implementation (Security, 8228825) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2894 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2933 | | | | OpenJDK: FilePermission checks | | | | | | | not preformed correctly on | | | | | | | Windows (Libraries, 8213429) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2933 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2945 | | | | OpenJDK: Missing restrictions | | | | | | | on use of custom SocketImpl | | | | | | | (Networking, 8218573) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2945 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2962 | | | | OpenJDK: NULL pointer dereference | | | | | | | in DrawGlyphList (2D, 8222690) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2962 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2964 | | | | OpenJDK: Unexpected exception | | | | | | | thrown by Pattern processing | | | | | | | crafted regular expression | | | | | | | (Concurrency, 8222684)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2964 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2973 | | | | OpenJDK: Unexpected exception thrown | | | | | | | by XPathParser processing crafted | | | | | | | XPath expression (JAXP, 8223505)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2973 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2978 | | | | OpenJDK: Incorrect handling | | | | | | | of nested jar: URLs in Jar | | | | | | | URL handler (Networking,... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2978 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2981 | | | | OpenJDK: Unexpected exception | | | | | | | thrown by XPath processing crafted | | | | | | | XPath expression (JAXP, 8224532)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2981 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2983 | | | | OpenJDK: Unexpected exception thrown | | | | | | | during Font object deserialization | | | | | | | (Serialization, 8224915) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2983 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2987 | | | | OpenJDK: Missing glyph bitmap | | | | | | | image dimension check in | | | | | | | FreetypeFontScaler (2D, 8225286) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2987 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2988 | | | | OpenJDK: Integer overflow in bounds | | | | | | | check in SunGraphics2D (2D, 8225292) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2988 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2992 | | | | OpenJDK: Excessive memory | | | | | | | allocation in CMap when reading | | | | | | | TrueType font (2D, 8225597)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2992 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-14577 | | | 8.272.10-r0 | OpenJDK: HostnameChecker does | | | | | | | not ensure X.509 certificate | | | | | | | names are in normalized form... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14577 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14578 | | | | OpenJDK: Unexpected exception | | | | | | | raised by DerInputStream | | | | | | | (Libraries, 8237731) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14578 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14579 | | | | OpenJDK: Unexpected exception | | | | | | | raised by DerValue.equals() | | | | | | | (Libraries, 8237736) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14579 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14581 | | | | OpenJDK: Information disclosure | | | | | | | in color management (2D, 8238002) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14581 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14779 | | | | OpenJDK: High memory usage | | | | | | | during deserialization of Proxy | | | | | | | class with many interfaces... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14779 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14781 | | | | OpenJDK: Credentials sent | | | | | | | over unencrypted LDAP | | | | | | | connection (JNDI, 8237990) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14781 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14782 | | | | OpenJDK: Certificate blacklist | | | | | | | bypass via alternate certificate | | | | | | | encodings (Libraries, 8237995) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14782 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14796 | | | | OpenJDK: Missing permission | | | | | | | check in path to URI | | | | | | | conversion (Libraries, 8242680) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14796 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14797 | | | | OpenJDK: Incomplete check for | | | | | | | invalid characters in URI to | | | | | | | path conversion (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14797 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14798 | | | | OpenJDK: Missing maximum length check in | | | | | | | WindowsNativeDispatcher.asNativeBuffer() | | | | | | | (Libraries, 8242695) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14798 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2583 | | | 8.242.08-r0 | OpenJDK: Incorrect exception | | | | | | | processing during deserialization | | | | | | | in BeanContextSupport | | | | | | | (Serialization, 8224909) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2583 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2590 | | | | OpenJDK: Improper checks of | | | | | | | SASL message properties in | | | | | | | GssKrb5Base (Security, 8226352) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2590 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2654 | | | | OpenJDK: Excessive memory usage | | | | | | | in OID processing in X.509 | | | | | | | certificate parsing (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2654 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2659 | | | | OpenJDK: Incomplete enforcement | | | | | | | of maxDatagramSockets limit | | | | | | | in DatagramChannelImpl | | | | | | | (Networking, 8231795) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2659 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2754 | | | 8.252.09-r0 | OpenJDK: Misplaced regular | | | | | | | expression syntax error check in | | | | | | | RegExpScanner (Scripting, 8223898) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2754 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2755 | | | | OpenJDK: Incorrect handling of | | | | | | | empty string nodes in regular | | | | | | | expression Parser (Scripting,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2755 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2756 | | | | OpenJDK: Incorrect handling | | | | | | | of references to uninitialized | | | | | | | class descriptors during | | | | | | | deserialization (Serialization,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2756 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2757 | | | | OpenJDK: Uncaught InstantiationError | | | | | | | exception in ObjectStreamClass | | | | | | | (Serialization, 8224549) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2757 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2773 | | | | OpenJDK: Unexpected exceptions | | | | | | | raised by DOMKeyInfoFactory | | | | | | | and DOMXMLSignatureFactory | | | | | | | (Security, 8231415) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2773 | +-------------------+------------------+----------+ +---------------+------------------------------------------+ | openjdk8-jre-base | CVE-2020-14583 | HIGH | | 8.272.10-r0 | OpenJDK: Bypass of boundary checks | | | | | | | in nio.Buffer via concurrent | | | | | | | access (Libraries, 8238920)... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14583 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14593 | | | | OpenJDK: Incomplete bounds checks in | | | | | | | Affine Transformations (2D, 8240119) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14593 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2604 | | | 8.242.08-r0 | OpenJDK: Serialization filter | | | | | | | changes via jdk.serialFilter | | | | | | | property modification | | | | | | | (Serialization, 8231422) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2604 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2803 | | | 8.252.09-r0 | OpenJDK: Incorrect bounds checks | | | | | | | in NIO Buffers (Libraries, 8234841) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2803 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2805 | | | | OpenJDK: Incorrect type checks | | | | | | | in MethodType.readObject() | | | | | | | (Libraries, 8235274) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2805 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-2745 | MEDIUM | | 8.222.10-r0 | OpenJDK: Side-channel attack | | | | | | | risks in Elliptic Curve (EC) | | | | | | | cryptography (Security, 8208698) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2745 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2762 | | | | OpenJDK: Insufficient checks | | | | | | | of suppressed exceptions in | | | | | | | deserialization (Utilities, 8212328) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2762 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2769 | | | | OpenJDK: Unbounded memory | | | | | | | allocation during deserialization | | | | | | | in Collections (Utilities, 8213432) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2769 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2816 | | | | OpenJDK: Missing URL format | | | | | | | validation (Networking, 8221518) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2816 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-2949 | | | 8.232.09-r0 | OpenJDK: Improper handling | | | | | | | of Kerberos proxy credentials | | | | | | | (Kerberos, 8220302) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2949 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2958 | | | | OpenJDK: Incorrect | | | | | | | escaping of command line | | | | | | | arguments in ProcessImpl | | | | | | | on Windows (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2958 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2975 | | | | OpenJDK: Unexpected exception thrown | | | | | | | during regular expression processing | | | | | | | in Nashorn (Scripting, 8223518)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2975 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2989 | | | | OpenJDK: Incorrect handling of HTTP | | | | | | | proxy responses in HttpURLConnection | | | | | | | (Networking, 8225298) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2989 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2999 | | | | OpenJDK: Insufficient filtering | | | | | | | of HTML event attributes in | | | | | | | Javadoc (Javadoc, 8226765) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2999 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-7317 | | | 8.222.10-r0 | libpng: use-after-free in | | | | | | | png_image_free in png.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-7317 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-14556 | | | 8.272.10-r0 | OpenJDK: Incorrect handling | | | | | | | of access control context in | | | | | | | ForkJoinPool (Libraries, 8237117) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14556 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14621 | | | | OpenJDK: XML validation manipulation | | | | | | | due to incomplete application of | | | | | | | the use-grammar-pool-only feature... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14621 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14792 | | | | OpenJDK: Integer overflow | | | | | | | leading to out-of-bounds | | | | | | | access (Hotspot, 8241114) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14792 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14803 | | | | OpenJDK: Race condition in NIO Buffer | | | | | | | boundary checks (Libraries, 8244136) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14803 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2593 | | | 8.242.08-r0 | OpenJDK: Incorrect | | | | | | | isBuiltinStreamHandler check | | | | | | | causing URL normalization | | | | | | | issues (Networking, 8228548) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2593 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2601 | | | | OpenJDK: Use of unsafe | | | | | | | RSA-MD5 checksum in Kerberos | | | | | | | TGS (Security, 8229951) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2601 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2781 | | | 8.252.09-r0 | OpenJDK: Re-use of single | | | | | | | TLS session for new | | | | | | | connections (JSSE, 8234408) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2781 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2800 | | | | OpenJDK: CRLF injection into HTTP | | | | | | | headers in HttpServer (Lightweight | | | | | | | HTTP Server, 8234825)... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2800 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2830 | | | | OpenJDK: Regular expression DoS | | | | | | | in Scanner (Concurrency, 8236201) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2830 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-2766 | LOW | | 8.222.10-r0 | OpenJDK: Insufficient permission | | | | | | | checks for file:// URLs on | | | | | | | Windows (Networking, 8213431) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2766 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2786 | | | | OpenJDK: Insufficient | | | | | | | restriction of privileges in | | | | | | | AccessController (Security, 8216381) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2786 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2842 | | | | OpenJDK: Missing array bounds check | | | | | | | in crypto providers (JCE, 8223511) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2842 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-2894 | | | 8.232.09-r0 | OpenJDK: Side-channel | | | | | | | vulnerability in the ECDSA | | | | | | | implementation (Security, 8228825) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2894 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2933 | | | | OpenJDK: FilePermission checks | | | | | | | not preformed correctly on | | | | | | | Windows (Libraries, 8213429) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2933 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2945 | | | | OpenJDK: Missing restrictions | | | | | | | on use of custom SocketImpl | | | | | | | (Networking, 8218573) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2945 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2962 | | | | OpenJDK: NULL pointer dereference | | | | | | | in DrawGlyphList (2D, 8222690) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2962 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2964 | | | | OpenJDK: Unexpected exception | | | | | | | thrown by Pattern processing | | | | | | | crafted regular expression | | | | | | | (Concurrency, 8222684)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2964 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2973 | | | | OpenJDK: Unexpected exception thrown | | | | | | | by XPathParser processing crafted | | | | | | | XPath expression (JAXP, 8223505)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2973 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2978 | | | | OpenJDK: Incorrect handling | | | | | | | of nested jar: URLs in Jar | | | | | | | URL handler (Networking,... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2978 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2981 | | | | OpenJDK: Unexpected exception | | | | | | | thrown by XPath processing crafted | | | | | | | XPath expression (JAXP, 8224532)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2981 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2983 | | | | OpenJDK: Unexpected exception thrown | | | | | | | during Font object deserialization | | | | | | | (Serialization, 8224915) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2983 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2987 | | | | OpenJDK: Missing glyph bitmap | | | | | | | image dimension check in | | | | | | | FreetypeFontScaler (2D, 8225286) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2987 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2988 | | | | OpenJDK: Integer overflow in bounds | | | | | | | check in SunGraphics2D (2D, 8225292) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2988 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2992 | | | | OpenJDK: Excessive memory | | | | | | | allocation in CMap when reading | | | | | | | TrueType font (2D, 8225597)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2992 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-14577 | | | 8.272.10-r0 | OpenJDK: HostnameChecker does | | | | | | | not ensure X.509 certificate | | | | | | | names are in normalized form... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14577 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14578 | | | | OpenJDK: Unexpected exception | | | | | | | raised by DerInputStream | | | | | | | (Libraries, 8237731) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14578 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14579 | | | | OpenJDK: Unexpected exception | | | | | | | raised by DerValue.equals() | | | | | | | (Libraries, 8237736) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14579 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14581 | | | | OpenJDK: Information disclosure | | | | | | | in color management (2D, 8238002) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14581 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14779 | | | | OpenJDK: High memory usage | | | | | | | during deserialization of Proxy | | | | | | | class with many interfaces... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14779 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14781 | | | | OpenJDK: Credentials sent | | | | | | | over unencrypted LDAP | | | | | | | connection (JNDI, 8237990) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14781 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14782 | | | | OpenJDK: Certificate blacklist | | | | | | | bypass via alternate certificate | | | | | | | encodings (Libraries, 8237995) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14782 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14796 | | | | OpenJDK: Missing permission | | | | | | | check in path to URI | | | | | | | conversion (Libraries, 8242680) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14796 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14797 | | | | OpenJDK: Incomplete check for | | | | | | | invalid characters in URI to | | | | | | | path conversion (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14797 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14798 | | | | OpenJDK: Missing maximum length check in | | | | | | | WindowsNativeDispatcher.asNativeBuffer() | | | | | | | (Libraries, 8242695) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14798 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2583 | | | 8.242.08-r0 | OpenJDK: Incorrect exception | | | | | | | processing during deserialization | | | | | | | in BeanContextSupport | | | | | | | (Serialization, 8224909) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2583 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2590 | | | | OpenJDK: Improper checks of | | | | | | | SASL message properties in | | | | | | | GssKrb5Base (Security, 8226352) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2590 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2654 | | | | OpenJDK: Excessive memory usage | | | | | | | in OID processing in X.509 | | | | | | | certificate parsing (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2654 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2659 | | | | OpenJDK: Incomplete enforcement | | | | | | | of maxDatagramSockets limit | | | | | | | in DatagramChannelImpl | | | | | | | (Networking, 8231795) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2659 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2754 | | | 8.252.09-r0 | OpenJDK: Misplaced regular | | | | | | | expression syntax error check in | | | | | | | RegExpScanner (Scripting, 8223898) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2754 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2755 | | | | OpenJDK: Incorrect handling of | | | | | | | empty string nodes in regular | | | | | | | expression Parser (Scripting,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2755 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2756 | | | | OpenJDK: Incorrect handling | | | | | | | of references to uninitialized | | | | | | | class descriptors during | | | | | | | deserialization (Serialization,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2756 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2757 | | | | OpenJDK: Uncaught InstantiationError | | | | | | | exception in ObjectStreamClass | | | | | | | (Serialization, 8224549) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2757 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2773 | | | | OpenJDK: Unexpected exceptions | | | | | | | raised by DOMKeyInfoFactory | | | | | | | and DOMXMLSignatureFactory | | | | | | | (Security, 8231415) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2773 | +-------------------+------------------+----------+ +---------------+------------------------------------------+ | openjdk8-jre-lib | CVE-2020-14583 | HIGH | | 8.272.10-r0 | OpenJDK: Bypass of boundary checks | | | | | | | in nio.Buffer via concurrent | | | | | | | access (Libraries, 8238920)... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14583 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14593 | | | | OpenJDK: Incomplete bounds checks in | | | | | | | Affine Transformations (2D, 8240119) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14593 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2604 | | | 8.242.08-r0 | OpenJDK: Serialization filter | | | | | | | changes via jdk.serialFilter | | | | | | | property modification | | | | | | | (Serialization, 8231422) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2604 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2803 | | | 8.252.09-r0 | OpenJDK: Incorrect bounds checks | | | | | | | in NIO Buffers (Libraries, 8234841) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2803 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2805 | | | | OpenJDK: Incorrect type checks | | | | | | | in MethodType.readObject() | | | | | | | (Libraries, 8235274) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2805 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-2745 | MEDIUM | | 8.222.10-r0 | OpenJDK: Side-channel attack | | | | | | | risks in Elliptic Curve (EC) | | | | | | | cryptography (Security, 8208698) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2745 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2762 | | | | OpenJDK: Insufficient checks | | | | | | | of suppressed exceptions in | | | | | | | deserialization (Utilities, 8212328) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2762 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2769 | | | | OpenJDK: Unbounded memory | | | | | | | allocation during deserialization | | | | | | | in Collections (Utilities, 8213432) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2769 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2816 | | | | OpenJDK: Missing URL format | | | | | | | validation (Networking, 8221518) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2816 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-2949 | | | 8.232.09-r0 | OpenJDK: Improper handling | | | | | | | of Kerberos proxy credentials | | | | | | | (Kerberos, 8220302) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2949 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2958 | | | | OpenJDK: Incorrect | | | | | | | escaping of command line | | | | | | | arguments in ProcessImpl | | | | | | | on Windows (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2958 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2975 | | | | OpenJDK: Unexpected exception thrown | | | | | | | during regular expression processing | | | | | | | in Nashorn (Scripting, 8223518)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2975 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2989 | | | | OpenJDK: Incorrect handling of HTTP | | | | | | | proxy responses in HttpURLConnection | | | | | | | (Networking, 8225298) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2989 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2999 | | | | OpenJDK: Insufficient filtering | | | | | | | of HTML event attributes in | | | | | | | Javadoc (Javadoc, 8226765) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2999 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-7317 | | | 8.222.10-r0 | libpng: use-after-free in | | | | | | | png_image_free in png.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-7317 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-14556 | | | 8.272.10-r0 | OpenJDK: Incorrect handling | | | | | | | of access control context in | | | | | | | ForkJoinPool (Libraries, 8237117) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14556 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14621 | | | | OpenJDK: XML validation manipulation | | | | | | | due to incomplete application of | | | | | | | the use-grammar-pool-only feature... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14621 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14792 | | | | OpenJDK: Integer overflow | | | | | | | leading to out-of-bounds | | | | | | | access (Hotspot, 8241114) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14792 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14803 | | | | OpenJDK: Race condition in NIO Buffer | | | | | | | boundary checks (Libraries, 8244136) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14803 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2593 | | | 8.242.08-r0 | OpenJDK: Incorrect | | | | | | | isBuiltinStreamHandler check | | | | | | | causing URL normalization | | | | | | | issues (Networking, 8228548) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2593 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2601 | | | | OpenJDK: Use of unsafe | | | | | | | RSA-MD5 checksum in Kerberos | | | | | | | TGS (Security, 8229951) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2601 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2781 | | | 8.252.09-r0 | OpenJDK: Re-use of single | | | | | | | TLS session for new | | | | | | | connections (JSSE, 8234408) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2781 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2800 | | | | OpenJDK: CRLF injection into HTTP | | | | | | | headers in HttpServer (Lightweight | | | | | | | HTTP Server, 8234825)... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2800 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2830 | | | | OpenJDK: Regular expression DoS | | | | | | | in Scanner (Concurrency, 8236201) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2830 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-2766 | LOW | | 8.222.10-r0 | OpenJDK: Insufficient permission | | | | | | | checks for file:// URLs on | | | | | | | Windows (Networking, 8213431) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2766 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2786 | | | | OpenJDK: Insufficient | | | | | | | restriction of privileges in | | | | | | | AccessController (Security, 8216381) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2786 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2842 | | | | OpenJDK: Missing array bounds check | | | | | | | in crypto providers (JCE, 8223511) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2842 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-2894 | | | 8.232.09-r0 | OpenJDK: Side-channel | | | | | | | vulnerability in the ECDSA | | | | | | | implementation (Security, 8228825) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2894 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2933 | | | | OpenJDK: FilePermission checks | | | | | | | not preformed correctly on | | | | | | | Windows (Libraries, 8213429) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2933 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2945 | | | | OpenJDK: Missing restrictions | | | | | | | on use of custom SocketImpl | | | | | | | (Networking, 8218573) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2945 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2962 | | | | OpenJDK: NULL pointer dereference | | | | | | | in DrawGlyphList (2D, 8222690) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2962 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2964 | | | | OpenJDK: Unexpected exception | | | | | | | thrown by Pattern processing | | | | | | | crafted regular expression | | | | | | | (Concurrency, 8222684)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2964 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2973 | | | | OpenJDK: Unexpected exception thrown | | | | | | | by XPathParser processing crafted | | | | | | | XPath expression (JAXP, 8223505)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2973 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2978 | | | | OpenJDK: Incorrect handling | | | | | | | of nested jar: URLs in Jar | | | | | | | URL handler (Networking,... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2978 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2981 | | | | OpenJDK: Unexpected exception | | | | | | | thrown by XPath processing crafted | | | | | | | XPath expression (JAXP, 8224532)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2981 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2983 | | | | OpenJDK: Unexpected exception thrown | | | | | | | during Font object deserialization | | | | | | | (Serialization, 8224915) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2983 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2987 | | | | OpenJDK: Missing glyph bitmap | | | | | | | image dimension check in | | | | | | | FreetypeFontScaler (2D, 8225286) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2987 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2988 | | | | OpenJDK: Integer overflow in bounds | | | | | | | check in SunGraphics2D (2D, 8225292) | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2988 | + +------------------+ + + +------------------------------------------+ | | CVE-2019-2992 | | | | OpenJDK: Excessive memory | | | | | | | allocation in CMap when reading | | | | | | | TrueType font (2D, 8225597)... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-2992 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-14577 | | | 8.272.10-r0 | OpenJDK: HostnameChecker does | | | | | | | not ensure X.509 certificate | | | | | | | names are in normalized form... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14577 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14578 | | | | OpenJDK: Unexpected exception | | | | | | | raised by DerInputStream | | | | | | | (Libraries, 8237731) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14578 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14579 | | | | OpenJDK: Unexpected exception | | | | | | | raised by DerValue.equals() | | | | | | | (Libraries, 8237736) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14579 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14581 | | | | OpenJDK: Information disclosure | | | | | | | in color management (2D, 8238002) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14581 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14779 | | | | OpenJDK: High memory usage | | | | | | | during deserialization of Proxy | | | | | | | class with many interfaces... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14779 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14781 | | | | OpenJDK: Credentials sent | | | | | | | over unencrypted LDAP | | | | | | | connection (JNDI, 8237990) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14781 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14782 | | | | OpenJDK: Certificate blacklist | | | | | | | bypass via alternate certificate | | | | | | | encodings (Libraries, 8237995) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14782 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14796 | | | | OpenJDK: Missing permission | | | | | | | check in path to URI | | | | | | | conversion (Libraries, 8242680) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14796 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14797 | | | | OpenJDK: Incomplete check for | | | | | | | invalid characters in URI to | | | | | | | path conversion (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14797 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-14798 | | | | OpenJDK: Missing maximum length check in | | | | | | | WindowsNativeDispatcher.asNativeBuffer() | | | | | | | (Libraries, 8242695) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14798 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2583 | | | 8.242.08-r0 | OpenJDK: Incorrect exception | | | | | | | processing during deserialization | | | | | | | in BeanContextSupport | | | | | | | (Serialization, 8224909) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2583 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2590 | | | | OpenJDK: Improper checks of | | | | | | | SASL message properties in | | | | | | | GssKrb5Base (Security, 8226352) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2590 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2654 | | | | OpenJDK: Excessive memory usage | | | | | | | in OID processing in X.509 | | | | | | | certificate parsing (Libraries,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2654 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2659 | | | | OpenJDK: Incomplete enforcement | | | | | | | of maxDatagramSockets limit | | | | | | | in DatagramChannelImpl | | | | | | | (Networking, 8231795) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2659 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-2754 | | | 8.252.09-r0 | OpenJDK: Misplaced regular | | | | | | | expression syntax error check in | | | | | | | RegExpScanner (Scripting, 8223898) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2754 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2755 | | | | OpenJDK: Incorrect handling of | | | | | | | empty string nodes in regular | | | | | | | expression Parser (Scripting,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2755 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2756 | | | | OpenJDK: Incorrect handling | | | | | | | of references to uninitialized | | | | | | | class descriptors during | | | | | | | deserialization (Serialization,... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2756 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2757 | | | | OpenJDK: Uncaught InstantiationError | | | | | | | exception in ObjectStreamClass | | | | | | | (Serialization, 8224549) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2757 | + +------------------+ + + +------------------------------------------+ | | CVE-2020-2773 | | | | OpenJDK: Unexpected exceptions | | | | | | | raised by DOMKeyInfoFactory | | | | | | | and DOMXMLSignatureFactory | | | | | | | (Security, 8231415) | | | | | | | -->avd.aquasec.com/nvd/cve-2020-2773 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ | sqlite-libs | CVE-2019-8457 | CRITICAL | 3.26.0-r3 | 3.28.0-r0 | sqlite: heap out-of-bound | | | | | | | read in function rtreenode() | | | | | | | -->avd.aquasec.com/nvd/cve-2019-8457 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-19244 | HIGH | | 3.28.0-r2 | sqlite: allows a crash | | | | | | | if a sub-select uses both | | | | | | | DISTINCT and window... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-5018 | | | 3.28.0-r0 | sqlite: Use-after-free in | | | | | | | window function leading | | | | | | | to remote code execution | | | | | | | -->avd.aquasec.com/nvd/cve-2019-5018 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2020-11655 | | | 3.28.0-r3 | sqlite: malformed window-function | | | | | | | query leads to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11655 | + +------------------+----------+ +---------------+------------------------------------------+ | | CVE-2019-16168 | MEDIUM | | 3.28.0-r1 | sqlite: Division by zero in | | | | | | | whereLoopAddBtreeIndex in sqlite3.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16168 | + +------------------+ + +---------------+------------------------------------------+ | | CVE-2019-19242 | | | 3.28.0-r2 | sqlite: SQL injection in | | | | | | | sqlite3ExprCodeTarget in expr.c | | | | | | | -->avd.aquasec.com/nvd/cve-2019-19242 | +-------------------+------------------+----------+-------------------+---------------+------------------------------------------+ Java (jar) ========== Total: 59 (UNKNOWN: 0, LOW: 1, MEDIUM: 7, HIGH: 37, CRITICAL: 14) +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | com.fasterxml.jackson.core:jackson-databind | CVE-2019-14379 | CRITICAL | 2.9.9.1 | 2.7.9.6, 2.8.11.4, 2.9.9.2 | jackson-databind: default | | | | | | | typing mishandling leading | | | | | | | to remote code execution | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14379 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-14540 | | | 2.9.10 | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | com.zaxxer.hikari.HikariConfig | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14540 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2019-16335 | | | | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | com.zaxxer.hikari.HikariDataSource | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16335 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-16942 | | | 2.9.10.1 | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | org.apache.commons.dbcp.datasources.* | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16942 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2019-16943 | | | | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | com.p6spy.engine.spy.P6DataSource | | | | | | | -->avd.aquasec.com/nvd/cve-2019-16943 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-17267 | | | 2.9.10 | jackson-databind: Serialization | | | | | | | gadgets in classes of | | | | | | | the ehcache package | | | | | | | -->avd.aquasec.com/nvd/cve-2019-17267 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-17531 | | | 2.9.10.1 | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | org.apache.log4j.receivers.db.* | | | | | | | -->avd.aquasec.com/nvd/cve-2019-17531 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-20330 | | | 2.9.10.2, 2.8.11.5 | jackson-databind: lacks | | | | | | | certain net.sf.ehcache blocking | | | | | | | -->avd.aquasec.com/nvd/cve-2019-20330 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-24750 | | | 2.9.10.6 | jackson-databind: Serialization gadgets in | | | | | | | com.pastdev.httpcomponents.configuration.JndiConfiguration | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24750 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-8840 | | | 2.7.9.7, 2.8.11.5, 2.9.10.3 | jackson-databind: Lacks certain | | | | | | | xbean-reflect/JNDI blocking | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8840 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-9546 | | | 2.7.9.7, 2.8.11.6, 2.9.10.4 | jackson-databind: Serialization | | | | | | | gadgets in shaded-hikari-config | | | | | | | -->avd.aquasec.com/nvd/cve-2020-9546 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-9547 | | | | jackson-databind: Serialization | | | | | | | gadgets in ibatis-sqlmap | | | | | | | -->avd.aquasec.com/nvd/cve-2020-9547 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-9548 | | | | jackson-databind: Serialization | | | | | | | gadgets in anteros-core | | | | | | | -->avd.aquasec.com/nvd/cve-2020-9548 | + +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-14439 | HIGH | | 2.7.9.6, 2.8.11.4, 2.9.9.2 | jackson-databind: Polymorphic | | | | | | | typing issue related to logback/JNDI | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14439 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-14892 | | | 2.6.7.3, 2.8.11.5, 2.9.10 | jackson-databind: Serialization | | | | | | | gadgets in classes of the | | | | | | | commons-configuration package | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14892 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-14893 | | | 2.8.11.5, 2.9.10 | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | classes of the xalan package | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14893 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-10672 | | | 2.9.10.4 | jackson-databind: mishandles | | | | | | | the interaction between | | | | | | | serialization gadgets and | | | | | | | typing which could result... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10672 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-10968 | | | | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | org.aoju.bus.proxy.provider.*.RmiProvider | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10968 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-10969 | | | 2.7.9.7, 2.8.11.6, 2.9.10.4 | jackson-databind: Serialization | | | | | | | gadgets in javax.swing.JEditorPane | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10969 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-11111 | | | 2.9.10.4 | jackson-databind: Serialization gadgets in | | | | | | | org.apache.activemq.jms.pool.XaPooledConnectionFactory | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11111 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-11112 | | | | jackson-databind: Serialization gadgets in | | | | | | | org.apache.commons.proxy.provider.remoting.RmiProvider | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11112 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-11113 | | | | jackson-databind: Serialization gadgets in | | | | | | | org.apache.openjpa.ee.WASRegistryManagedRuntime | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11113 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-11619 | | | | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | org.springframework:spring-aop | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11619 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-11620 | | | | jackson-databind: | | | | | | | Serialization gadgets in | | | | | | | commons-jelly:commons-jelly | | | | | | | -->avd.aquasec.com/nvd/cve-2020-11620 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-14060 | | | 2.9.10.5 | jackson-databind: serialization in | | | | | | | oadd.org.apache.xalan.lib.sql.JNDIConnectionPool | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14060 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-14061 | | | | jackson-databind: serialization | | | | | | | in weblogic/oracle-aqjms | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14061 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-14062 | | | | jackson-databind: serialization in | | | | | | | com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14062 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-14195 | | | | jackson-databind: serialization in | | | | | | | org.jsecurity.realm.jndi.JndiRealmFactory | | | | | | | -->avd.aquasec.com/nvd/cve-2020-14195 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-24616 | | | 2.9.10.6 | jackson-databind: mishandles the | | | | | | | interaction between serialization | | | | | | | gadgets and typing, related to | | | | | | | br.com.anteros.dbcp.AnterosDBCPDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-24616 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-25649 | | | 2.6.7.4, 2.9.10.7, 2.10.5.1 | jackson-databind: FasterXML | | | | | | | DOMDeserializer insecure | | | | | | | entity expansion is vulnerable | | | | | | | to XML external entity... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-25649 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-35490 | | | 2.9.10.8 | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.commons.dbcp2.datasources.PerUserPoolDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35490 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-35491 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.commons.dbcp2.datasources.SharedPoolDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35491 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-35728 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-35728 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36179 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36179 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36180 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36180 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36181 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36181 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36182 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36182 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36183 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36183 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36184 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36184 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36185 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36185 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36186 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36186 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36187 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36187 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36188 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36188 | + +------------------+ + + +---------------------------------------------------------------------------------+ | | CVE-2020-36189 | | | | jackson-databind: mishandles the interaction | | | | | | | between serialization gadgets and typing, related to | | | | | | | com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-36189 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2021-20190 | | | 2.9.10.7 | jackson-databind: mishandles | | | | | | | the interaction between | | | | | | | serialization gadgets and | | | | | | | typing, related to javax.swing... | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20190 | + +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-10673 | MEDIUM | | 2.6.7.4, 2.9.10.4 | jackson-databind: mishandles | | | | | | | the interaction between | | | | | | | serialization gadgets and | | | | | | | typing which could result... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10673 | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | com.google.guava:guava | CVE-2020-8908 | LOW | 28.0-android | 30.0 | guava: local information | | | | | | | disclosure via temporary directory | | | | | | | created with unsafe permissions | | | | | | | -->avd.aquasec.com/nvd/cve-2020-8908 | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | com.google.protobuf:protobuf-java | CVE-2021-22569 | HIGH | 3.3.0 | 3.19.2, 3.18.2, 3.16.1 | protobuf-java: potential DoS in the | | | | | | | parsing procedure for binary data | | | | | | | -->avd.aquasec.com/nvd/cve-2021-22569 | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | commons-io:commons-io | CVE-2021-29425 | MEDIUM | 2.6 | 2.7 | apache-commons-io: Limited | | | | | | | path traversal in Apache | | | | | | | Commons IO 2.2 to 2.6 | | | | | | | -->avd.aquasec.com/nvd/cve-2021-29425 | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | io.undertow:undertow-core | CVE-2020-1745 | CRITICAL | 2.0.27.Final | 2.0.30.Final | undertow: AJP File | | | | | | | Read/Inclusion Vulnerability | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1745 | + +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2019-14888 | HIGH | | 2.0.29.Final | undertow: possible Denial | | | | | | | Of Service (DOS) in Undertow | | | | | | | HTTP server listening on... | | | | | | | -->avd.aquasec.com/nvd/cve-2019-14888 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-10705 | | | 2.1.1.Final | undertow: Memory exhaustion | | | | | | | issue in HttpReadListener via | | | | | | | "Expect: 100-continue" header | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10705 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-1757 | | | 2.1.0.Final | undertow: servletPath is normalized | | | | | | | incorrectly leading to dangerous | | | | | | | application mapping which could... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-1757 | + +------------------+----------+ +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-10687 | MEDIUM | | 2.2.0.Final | Undertow: Incomplete fix for | | | | | | | CVE-2017-2666 due to permitting | | | | | | | invalid characters in HTTP... | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10687 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2020-10719 | | | 2.1.1.Final | undertow: invalid HTTP | | | | | | | request with large chunk size | | | | | | | -->avd.aquasec.com/nvd/cve-2020-10719 | + +------------------+ + +-----------------------------+---------------------------------------------------------------------------------+ | | CVE-2021-20220 | | | 2.0.34.Final, 2.1.6.Final | undertow: Possible regression | | | | | | | in fix for CVE-2020-10687 | | | | | | | -->avd.aquasec.com/nvd/cve-2021-20220 | +---------------------------------------------+------------------+ +-------------------+-----------------------------+---------------------------------------------------------------------------------+ | org.apache.httpcomponents:httpclient | CVE-2020-13956 | | 4.5.10 | 4.5.13 | apache-httpclient: incorrect | | | | | | | handling of malformed authority | | | | | | | component in request URIs | | | | | | | -->avd.aquasec.com/nvd/cve-2020-13956 | +---------------------------------------------+------------------+ +-------------------+-----------------------------+---------------------------------------------------------------------------------+ | org.apache.mina:mina-core | CVE-2021-41973 | | 2.0.21 | 2.1.5 | mina-core: infinite | | | | | | | loop may lead to DoS | | | | | | | -->avd.aquasec.com/nvd/cve-2021-41973 | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+ | org.yaml:snakeyaml | CVE-2017-18640 | HIGH | 1.25 | 1.26 | snakeyaml: Billion laughs | | | | | | | attack via alias feature | | | | | | | -->avd.aquasec.com/nvd/cve-2017-18640 | +---------------------------------------------+------------------+----------+-------------------+-----------------------------+---------------------------------------------------------------------------------+
The text was updated successfully, but these errors were encountered:
Hello, there is already an issue targeting these points: #107 .
Sorry, something went wrong.
Oh sorry didn't saw this.
No branches or pull requests
Please update and introduce security scans for this image, currently trivy reports this:
The text was updated successfully, but these errors were encountered: