trivy

Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues

trivy image

official nginx

[root@m-k8s ~]# trivy image nginx
2021-08-28T07:41:59.246+0900    INFO    Need to update DB
2021-08-28T07:41:59.246+0900    INFO    Downloading DB...
23.08 MiB / 23.08 MiB [-------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 4.83 MiB p/s 5s
2021-08-28T07:42:19.101+0900    INFO    Detected OS: debian
2021-08-28T07:42:19.102+0900    INFO    Detecting Debian vulnerabilities...
2021-08-28T07:42:19.282+0900    INFO    Number of language-specific files: 1

nginx (debian 10.10)
====================
Total: 181 (UNKNOWN: 1, LOW: 129, MEDIUM: 17, HIGH: 30, CRITICAL: 4)

+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
|     LIBRARY      |  VULNERABILITY ID   | SEVERITY |     INSTALLED VERSION     |  FIXED VERSION   |                            TITLE                             |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| apt              | CVE-2011-3374       | LOW      | 1.8.2.3                   |                  | It was found that apt-key in apt,                            |
|                  |                     |          |                           |                  | all versions, do not correctly...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| bash             | CVE-2019-18276      |          | 5.0-4                     |                  | bash: when effective UID is not                              |
|                  |                     |          |                           |                  | equal to its real UID the...                                 |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-18276                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | TEMP-0841856-B18BAF |          |                           |                  | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF   |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| bsdutils         | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| coreutils        | CVE-2016-2781       |          | 8.30-3                    |                  | coreutils: Non-privileged                                    |
|                  |                     |          |                           |                  | session can escape to the                                    |
|                  |                     |          |                           |                  | parent session in chroot                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2016-2781                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-18018      |          |                           |                  | coreutils: race condition                                    |
|                  |                     |          |                           |                  | vulnerability in chown and chgrp                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-18018                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| curl             | CVE-2021-22924      | HIGH     | 7.64.0-4+deb10u2          |                  | curl: Bad connection reuse                                   |
|                  |                     |          |                           |                  | due to flawed path name checks                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22924                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-22898      | LOW      |                           |                  | curl: TELNET stack                                           |
|                  |                     |          |                           |                  | contents disclosure                                          |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22898                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-22922      |          |                           |                  | curl: Content not matching hash                              |
|                  |                     |          |                           |                  | in Metalink is not being discarded                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22922                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-22923      |          |                           |                  | curl: Metalink download                                      |
|                  |                     |          |                           |                  | sends credentials                                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22923                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| fdisk            | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| gcc-8-base       | CVE-2018-12886      | HIGH     | 8.3.0-6                   |                  | gcc: spilling of stack                                       |
|                  |                     |          |                           |                  | protection address in cfgexpand.c                            |
|                  |                     |          |                           |                  | and function.c leads to...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-15847      |          |                           |                  | gcc: POWER9 "DARN" RNG intrinsic                             |
|                  |                     |          |                           |                  | produces repeated output                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| gpgv             | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1          |                  | gnupg2: OpenPGP Key Certification                            |
|                  |                     |          |                           |                  | Forgeries with SHA-1                                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-14855                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libapt-pkg5.0    | CVE-2011-3374       |          | 1.8.2.3                   |                  | It was found that apt-key in apt,                            |
|                  |                     |          |                           |                  | all versions, do not correctly...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libblkid1        | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libc-bin         | CVE-2021-33574      | CRITICAL | 2.28-10                   |                  | glibc: mq_notify does                                        |
|                  |                     |          |                           |                  | not handle separately                                        |
|                  |                     |          |                           |                  | allocated thread attributes                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-33574                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-35942      |          |                           |                  | glibc: Arbitrary read in wordexp()                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-35942                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-1751       | HIGH     |                           |                  | glibc: array overflow in                                     |
|                  |                     |          |                           |                  | backtrace functions for powerpc                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-1752       |          |                           |                  | glibc: use-after-free in glob()                              |
|                  |                     |          |                           |                  | function when expanding ~user                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-3326       |          |                           |                  | glibc: Assertion failure in                                  |
|                  |                     |          |                           |                  | ISO-2022-JP-3 gconv module                                   |
|                  |                     |          |                           |                  | related to combining characters                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-25013      | MEDIUM   |                           |                  | glibc: buffer over-read in                                   |
|                  |                     |          |                           |                  | iconv when processing invalid                                |
|                  |                     |          |                           |                  | multi-byte input sequences in...                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-10029      |          |                           |                  | glibc: stack corruption                                      |
|                  |                     |          |                           |                  | from crafted input in cosl,                                  |
|                  |                     |          |                           |                  | sinl, sincosl, and tanl...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-27618      |          |                           |                  | glibc: iconv when processing                                 |
|                  |                     |          |                           |                  | invalid multi-byte input                                     |
|                  |                     |          |                           |                  | sequences fails to advance the...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-4051       | LOW      |                           |                  | CVE-2010-4052 glibc: De-recursivise                          |
|                  |                     |          |                           |                  | regular expression engine                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-4052       |          |                           |                  | CVE-2010-4051 CVE-2010-4052                                  |
|                  |                     |          |                           |                  | glibc: De-recursivise                                        |
|                  |                     |          |                           |                  | regular expression engine                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-4756       |          |                           |                  | glibc: glob implementation                                   |
|                  |                     |          |                           |                  | can cause excessive CPU and                                  |
|                  |                     |          |                           |                  | memory consumption due to...                                 |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2016-10228      |          |                           |                  | glibc: iconv program can hang                                |
|                  |                     |          |                           |                  | when invoked with the -c option                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-20796      |          |                           |                  | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |                  | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |                  | in posix/regexec.c                                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010022    |          |                           |                  | glibc: stack guard protection bypass                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010023    |          |                           |                  | glibc: running ldd on malicious ELF                          |
|                  |                     |          |                           |                  | leads to code execution because of...                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010024    |          |                           |                  | glibc: ASLR bypass using                                     |
|                  |                     |          |                           |                  | cache of thread stack and heap                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010025    |          |                           |                  | glibc: information disclosure of heap                        |
|                  |                     |          |                           |                  | addresses of pthread_created thread                          |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-19126      |          |                           |                  | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                  |                     |          |                           |                  | not ignored in setuid binaries                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-9192       |          |                           |                  | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |                  | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |                  | in posix/regexec.c                                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-6096       |          |                           |                  | glibc: signed comparison                                     |
|                  |                     |          |                           |                  | vulnerability in the                                         |
|                  |                     |          |                           |                  | ARMv7 memcpy function                                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-27645      |          |                           |                  | glibc: Use-after-free in                                     |
|                  |                     |          |                           |                  | addgetnetgrentX function                                     |
|                  |                     |          |                           |                  | in netgroupcache.c                                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-27645                        |
+------------------+---------------------+----------+                           +------------------+--------------------------------------------------------------+
| libc6            | CVE-2021-33574      | CRITICAL |                           |                  | glibc: mq_notify does                                        |
|                  |                     |          |                           |                  | not handle separately                                        |
|                  |                     |          |                           |                  | allocated thread attributes                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-33574                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-35942      |          |                           |                  | glibc: Arbitrary read in wordexp()                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-35942                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-1751       | HIGH     |                           |                  | glibc: array overflow in                                     |
|                  |                     |          |                           |                  | backtrace functions for powerpc                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-1752       |          |                           |                  | glibc: use-after-free in glob()                              |
|                  |                     |          |                           |                  | function when expanding ~user                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-3326       |          |                           |                  | glibc: Assertion failure in                                  |
|                  |                     |          |                           |                  | ISO-2022-JP-3 gconv module                                   |
|                  |                     |          |                           |                  | related to combining characters                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-25013      | MEDIUM   |                           |                  | glibc: buffer over-read in                                   |
|                  |                     |          |                           |                  | iconv when processing invalid                                |
|                  |                     |          |                           |                  | multi-byte input sequences in...                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-10029      |          |                           |                  | glibc: stack corruption                                      |
|                  |                     |          |                           |                  | from crafted input in cosl,                                  |
|                  |                     |          |                           |                  | sinl, sincosl, and tanl...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-27618      |          |                           |                  | glibc: iconv when processing                                 |
|                  |                     |          |                           |                  | invalid multi-byte input                                     |
|                  |                     |          |                           |                  | sequences fails to advance the...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-4051       | LOW      |                           |                  | CVE-2010-4052 glibc: De-recursivise                          |
|                  |                     |          |                           |                  | regular expression engine                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-4052       |          |                           |                  | CVE-2010-4051 CVE-2010-4052                                  |
|                  |                     |          |                           |                  | glibc: De-recursivise                                        |
|                  |                     |          |                           |                  | regular expression engine                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-4756       |          |                           |                  | glibc: glob implementation                                   |
|                  |                     |          |                           |                  | can cause excessive CPU and                                  |
|                  |                     |          |                           |                  | memory consumption due to...                                 |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2016-10228      |          |                           |                  | glibc: iconv program can hang                                |
|                  |                     |          |                           |                  | when invoked with the -c option                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-20796      |          |                           |                  | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |                  | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |                  | in posix/regexec.c                                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010022    |          |                           |                  | glibc: stack guard protection bypass                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010023    |          |                           |                  | glibc: running ldd on malicious ELF                          |
|                  |                     |          |                           |                  | leads to code execution because of...                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010024    |          |                           |                  | glibc: ASLR bypass using                                     |
|                  |                     |          |                           |                  | cache of thread stack and heap                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010025    |          |                           |                  | glibc: information disclosure of heap                        |
|                  |                     |          |                           |                  | addresses of pthread_created thread                          |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-19126      |          |                           |                  | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                  |                     |          |                           |                  | not ignored in setuid binaries                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-9192       |          |                           |                  | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |                  | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |                  | in posix/regexec.c                                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-6096       |          |                           |                  | glibc: signed comparison                                     |
|                  |                     |          |                           |                  | vulnerability in the                                         |
|                  |                     |          |                           |                  | ARMv7 memcpy function                                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-27645      |          |                           |                  | glibc: Use-after-free in                                     |
|                  |                     |          |                           |                  | addgetnetgrentX function                                     |
|                  |                     |          |                           |                  | in netgroupcache.c                                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-27645                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libcurl4         | CVE-2021-22924      | HIGH     | 7.64.0-4+deb10u2          |                  | curl: Bad connection reuse                                   |
|                  |                     |          |                           |                  | due to flawed path name checks                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22924                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-22898      | LOW      |                           |                  | curl: TELNET stack                                           |
|                  |                     |          |                           |                  | contents disclosure                                          |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22898                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-22922      |          |                           |                  | curl: Content not matching hash                              |
|                  |                     |          |                           |                  | in Metalink is not being discarded                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22922                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-22923      |          |                           |                  | curl: Metalink download                                      |
|                  |                     |          |                           |                  | sends credentials                                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-22923                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libexpat1        | CVE-2013-0340       |          | 2.2.6-2+deb10u1           |                  | expat: internal entity expansion                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2013-0340                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libfdisk1        | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libgcc1          | CVE-2018-12886      | HIGH     | 8.3.0-6                   |                  | gcc: spilling of stack                                       |
|                  |                     |          |                           |                  | protection address in cfgexpand.c                            |
|                  |                     |          |                           |                  | and function.c leads to...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-15847      |          |                           |                  | gcc: POWER9 "DARN" RNG intrinsic                             |
|                  |                     |          |                           |                  | produces repeated output                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libgcrypt20      | CVE-2019-13627      | MEDIUM   | 1.8.4-5+deb10u1           |                  | libgcrypt: ECDSA timing attack                               |
|                  |                     |          |                           |                  | allowing private key leak                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-13627                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-6829       | LOW      |                           |                  | libgcrypt: ElGamal implementation                            |
|                  |                     |          |                           |                  | doesn't have semantic security due                           |
|                  |                     |          |                           |                  | to incorrectly encoded plaintexts...                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-6829                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libgd3           | CVE-2017-6363       | HIGH     | 2.2.5-5.2                 |                  | ** DISPUTED ** In the                                        |
|                  |                     |          |                           |                  | GD Graphics Library (aka                                     |
|                  |                     |          |                           |                  | LibGD) through 2.2.5,...                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-6363                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-38115      | MEDIUM   |                           |                  | read_header_tga in gd_tga.c                                  |
|                  |                     |          |                           |                  | in the GD Graphics Library                                   |
|                  |                     |          |                           |                  | (aka LibGD) through 2.3.2...                                 |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-38115                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-14553      | LOW      |                           |                  | gd: NULL pointer                                             |
|                  |                     |          |                           |                  | dereference in gdImageClone                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-14553                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-40145      | UNKNOWN  |                           |                  | ** DISPUTED ** gdImageGd2Ptr                                 |
|                  |                     |          |                           |                  | in gd_gd2.c in the GD                                        |
|                  |                     |          |                           |                  | Graphics Library (aka...                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-40145                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libgnutls30      | CVE-2011-3389       | LOW      | 3.6.7-4+deb10u7           |                  | HTTPS: block-wise chosen-plaintext                           |
|                  |                     |          |                           |                  | attack against SSL/TLS (BEAST)                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2011-3389                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libgssapi-krb5-2 | CVE-2021-36222      | HIGH     | 1.17-3+deb10u1            | 1.17-3+deb10u2   | krb5: sending a request containing                           |
|                  |                     |          |                           |                  | a PA-ENCRYPTED-CHALLENGE padata                              |
|                  |                     |          |                           |                  | element without using FAST...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36222                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-37750      | MEDIUM   |                           |                  | krb5: NULL pointer dereference                               |
|                  |                     |          |                           |                  | in process_tgs_req() in                                      |
|                  |                     |          |                           |                  | kdc/do_tgs_req.c via a FAST inner...                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37750                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2004-0971       | LOW      |                           |                  | security flaw                                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-5709       |          |                           |                  | krb5: integer overflow                                       |
|                  |                     |          |                           |                  | in dbentry->n_key_data                                       |
|                  |                     |          |                           |                  | in kadmin/dbutil/dump.c                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libicu63         | CVE-2021-30535      | HIGH     | 63.1-6+deb10u1            |                  | Double free in ICU in Google Chrome                          |
|                  |                     |          |                           |                  | prior to 91.0.4472.77 allowed a...                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-30535                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libidn2-0        | CVE-2019-12290      |          | 2.0.5-1+deb10u1           |                  | GNU libidn2 before 2.2.0                                     |
|                  |                     |          |                           |                  | fails to perform the roundtrip                               |
|                  |                     |          |                           |                  | checks specified in...                                       |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-12290                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libjbig0         | CVE-2017-9937       | LOW      | 2.1-3.1                   |                  | libtiff: memory malloc failure                               |
|                  |                     |          |                           |                  | in tif_jbig.c could cause DOS.                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-9937                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libjpeg62-turbo  | CVE-2017-15232      |          | 1:1.5.2-2+deb10u1         |                  | libjpeg-turbo: NULL                                          |
|                  |                     |          |                           |                  | pointer dereference in                                       |
|                  |                     |          |                           |                  | jdpostct.c and jquant1.c                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-15232                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-11813      |          |                           |                  | libjpeg: "cjpeg" utility                                     |
|                  |                     |          |                           |                  | large loop because read_pixel                                |
|                  |                     |          |                           |                  | in rdtarga.c mishandles EOF                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-11813                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-17541      |          |                           |                  | libjpeg-turbo: Stack-based buffer                            |
|                  |                     |          |                           |                  | overflow in the "transform" component                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-17541                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libk5crypto3     | CVE-2021-36222      | HIGH     | 1.17-3+deb10u1            | 1.17-3+deb10u2   | krb5: sending a request containing                           |
|                  |                     |          |                           |                  | a PA-ENCRYPTED-CHALLENGE padata                              |
|                  |                     |          |                           |                  | element without using FAST...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36222                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-37750      | MEDIUM   |                           |                  | krb5: NULL pointer dereference                               |
|                  |                     |          |                           |                  | in process_tgs_req() in                                      |
|                  |                     |          |                           |                  | kdc/do_tgs_req.c via a FAST inner...                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37750                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2004-0971       | LOW      |                           |                  | security flaw                                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-5709       |          |                           |                  | krb5: integer overflow                                       |
|                  |                     |          |                           |                  | in dbentry->n_key_data                                       |
|                  |                     |          |                           |                  | in kadmin/dbutil/dump.c                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+------------------+---------------------+----------+                           +------------------+--------------------------------------------------------------+
| libkrb5-3        | CVE-2021-36222      | HIGH     |                           | 1.17-3+deb10u2   | krb5: sending a request containing                           |
|                  |                     |          |                           |                  | a PA-ENCRYPTED-CHALLENGE padata                              |
|                  |                     |          |                           |                  | element without using FAST...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36222                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-37750      | MEDIUM   |                           |                  | krb5: NULL pointer dereference                               |
|                  |                     |          |                           |                  | in process_tgs_req() in                                      |
|                  |                     |          |                           |                  | kdc/do_tgs_req.c via a FAST inner...                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37750                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2004-0971       | LOW      |                           |                  | security flaw                                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-5709       |          |                           |                  | krb5: integer overflow                                       |
|                  |                     |          |                           |                  | in dbentry->n_key_data                                       |
|                  |                     |          |                           |                  | in kadmin/dbutil/dump.c                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+------------------+---------------------+----------+                           +------------------+--------------------------------------------------------------+
| libkrb5support0  | CVE-2021-36222      | HIGH     |                           | 1.17-3+deb10u2   | krb5: sending a request containing                           |
|                  |                     |          |                           |                  | a PA-ENCRYPTED-CHALLENGE padata                              |
|                  |                     |          |                           |                  | element without using FAST...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36222                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-37750      | MEDIUM   |                           |                  | krb5: NULL pointer dereference                               |
|                  |                     |          |                           |                  | in process_tgs_req() in                                      |
|                  |                     |          |                           |                  | kdc/do_tgs_req.c via a FAST inner...                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37750                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2004-0971       | LOW      |                           |                  | security flaw                                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2004-0971                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-5709       |          |                           |                  | krb5: integer overflow                                       |
|                  |                     |          |                           |                  | in dbentry->n_key_data                                       |
|                  |                     |          |                           |                  | in kadmin/dbutil/dump.c                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-5709                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libldap-2.4-2    | CVE-2015-3276       |          | 2.4.47+dfsg-3+deb10u6     |                  | openldap: incorrect multi-keyword                            |
|                  |                     |          |                           |                  | mode cipherstring parsing                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-14159      |          |                           |                  | openldap: Privilege escalation                               |
|                  |                     |          |                           |                  | via PID file manipulation                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-17740      |          |                           |                  | openldap:                                                    |
|                  |                     |          |                           |                  | contrib/slapd-modules/nops/nops.c                            |
|                  |                     |          |                           |                  | attempts to free stack buffer                                |
|                  |                     |          |                           |                  | allowing remote attackers to cause...                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-15719      |          |                           |                  | openldap: Certificate                                        |
|                  |                     |          |                           |                  | validation incorrectly                                       |
|                  |                     |          |                           |                  | matches name against CN-ID                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+------------------+---------------------+          +                           +------------------+--------------------------------------------------------------+
| libldap-common   | CVE-2015-3276       |          |                           |                  | openldap: incorrect multi-keyword                            |
|                  |                     |          |                           |                  | mode cipherstring parsing                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2015-3276                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-14159      |          |                           |                  | openldap: Privilege escalation                               |
|                  |                     |          |                           |                  | via PID file manipulation                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-14159                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-17740      |          |                           |                  | openldap:                                                    |
|                  |                     |          |                           |                  | contrib/slapd-modules/nops/nops.c                            |
|                  |                     |          |                           |                  | attempts to free stack buffer                                |
|                  |                     |          |                           |                  | allowing remote attackers to cause...                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-17740                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-15719      |          |                           |                  | openldap: Certificate                                        |
|                  |                     |          |                           |                  | validation incorrectly                                       |
|                  |                     |          |                           |                  | matches name against CN-ID                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-15719                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| liblz4-1         | CVE-2019-17543      |          | 1.8.3-1+deb10u1           |                  | lz4: heap-based buffer                                       |
|                  |                     |          |                           |                  | overflow in LZ4_write32                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-17543                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libmount1        | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libnghttp2-14    | TEMP-0000000-A4EF31 |          | 1.36.0-2+deb10u1          |                  | -->security-tracker.debian.org/tracker/TEMP-0000000-A4EF31   |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libpcre3         | CVE-2020-14155      | MEDIUM   | 2:8.39-12                 |                  | pcre: integer overflow in libpcre                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-14155                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-11164      | LOW      |                           |                  | pcre: OP_KETRMAX feature in the                              |
|                  |                     |          |                           |                  | match function in pcre_exec.c                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-11164                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-16231      |          |                           |                  | pcre: self-recursive call                                    |
|                  |                     |          |                           |                  | in match() in pcre_exec.c                                    |
|                  |                     |          |                           |                  | leads to denial of service...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-16231                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-7245       |          |                           |                  | pcre: stack-based buffer overflow                            |
|                  |                     |          |                           |                  | write in pcre32_copy_substring                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-7245                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-7246       |          |                           |                  | pcre: stack-based buffer overflow                            |
|                  |                     |          |                           |                  | write in pcre32_copy_substring                               |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-7246                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-20838      |          |                           |                  | pcre: buffer over-read in                                    |
|                  |                     |          |                           |                  | JIT when UTF is disabled                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-20838                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libpng16-16      | CVE-2018-14048      |          | 1.6.36-6                  |                  | libpng: Segmentation fault in                                |
|                  |                     |          |                           |                  | png.c:png_free_data function                                 |
|                  |                     |          |                           |                  | causing denial of service                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-14048                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-14550      |          |                           |                  | libpng: Stack-based buffer overflow in                       |
|                  |                     |          |                           |                  | contrib/pngminus/pnm2png.c:get_token()                       |
|                  |                     |          |                           |                  | potentially leading to                                       |
|                  |                     |          |                           |                  | arbitrary code execution...                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-14550                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-6129       |          |                           |                  | libpng: memory leak of                                       |
|                  |                     |          |                           |                  | png_info struct in pngcp.c                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-6129                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libseccomp2      | CVE-2019-9893       |          | 2.3.3-4                   |                  | libseccomp: incorrect generation                             |
|                  |                     |          |                           |                  | of syscall filters in libseccomp                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-9893                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libsepol1        | CVE-2021-36084      |          | 2.8-1                     |                  | libsepol: use-after-free in                                  |
|                  |                     |          |                           |                  | __cil_verify_classperms()                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36084                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-36085      |          |                           |                  | libsepol: use-after-free in                                  |
|                  |                     |          |                           |                  | __cil_verify_classperms()                                    |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36085                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-36086      |          |                           |                  | libsepol: use-after-free in                                  |
|                  |                     |          |                           |                  | cil_reset_classpermission()                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36086                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-36087      |          |                           |                  | libsepol: heap-based buffer                                  |
|                  |                     |          |                           |                  | overflow in ebitmap_match_any()                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-36087                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libsmartcols1    | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libssh2-1        | CVE-2019-13115      | HIGH     | 1.8.0-2.1                 |                  | libssh2: integer overflow in                                 |
|                  |                     |          |                           |                  | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|                  |                     |          |                           |                  | in kex.c leads to out-of-bounds write                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-13115                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-17498      | LOW      |                           |                  | libssh2: integer overflow in                                 |
|                  |                     |          |                           |                  | SSH_MSG_DISCONNECT logic in packet.c                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-17498                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libssl1.1        | CVE-2021-3711       | HIGH     | 1.1.1d-0+deb10u6          | 1.1.1d-0+deb10u7 | openssl: SM2 Decryption                                      |
|                  |                     |          |                           |                  | Buffer Overflow                                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3711                         |
+                  +---------------------+----------+                           +                  +--------------------------------------------------------------+
|                  | CVE-2021-3712       | MEDIUM   |                           |                  | openssl: Read buffer overruns                                |
|                  |                     |          |                           |                  | processing ASN.1 strings                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3712                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2007-6755       | LOW      |                           |                  | Dual_EC_DRBG: weak pseudo                                    |
|                  |                     |          |                           |                  | random number generator                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-0928       |          |                           |                  | openssl: RSA authentication weakness                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libstdc++6       | CVE-2018-12886      | HIGH     | 8.3.0-6                   |                  | gcc: spilling of stack                                       |
|                  |                     |          |                           |                  | protection address in cfgexpand.c                            |
|                  |                     |          |                           |                  | and function.c leads to...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-15847      |          |                           |                  | gcc: POWER9 "DARN" RNG intrinsic                             |
|                  |                     |          |                           |                  | produces repeated output                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libsystemd0      | CVE-2019-3843       |          | 241-7~deb10u8             |                  | systemd: services with DynamicUser                           |
|                  |                     |          |                           |                  | can create SUID/SGID binaries                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-3844       |          |                           |                  | systemd: services with DynamicUser                           |
|                  |                     |          |                           |                  | can get new privileges and                                   |
|                  |                     |          |                           |                  | create SGID binaries...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2013-4392       | LOW      |                           |                  | systemd: TOCTOU race condition                               |
|                  |                     |          |                           |                  | when updating file permissions                               |
|                  |                     |          |                           |                  | and SELinux security contexts...                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-20386      |          |                           |                  | systemd: memory leak in button_open()                        |
|                  |                     |          |                           |                  | in login/logind-button.c when                                |
|                  |                     |          |                           |                  | udev events are received...                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-13529      |          |                           |                  | systemd: DHCP FORCERENEW                                     |
|                  |                     |          |                           |                  | authentication not implemented                               |
|                  |                     |          |                           |                  | can cause a system running the...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-13529                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-13776      |          |                           |                  | systemd: Mishandles numerical                                |
|                  |                     |          |                           |                  | usernames beginning with decimal                             |
|                  |                     |          |                           |                  | digits or 0x followed by...                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libtasn1-6       | CVE-2018-1000654    |          | 4.13-3                    |                  | libtasn1: Infinite loop in                                   |
|                  |                     |          |                           |                  | _asn1_expand_object_id(ptree)                                |
|                  |                     |          |                           |                  | leads to memory exhaustion                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-1000654                      |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libtiff5         | CVE-2014-8130       |          | 4.1.0+git191117-2~deb10u2 |                  | libtiff: divide by zero                                      |
|                  |                     |          |                           |                  | in the tiffdither tool                                       |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2014-8130                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-16232      |          |                           |                  | libtiff: Memory leaks in                                     |
|                  |                     |          |                           |                  | tif_open.c, tif_lzw.c, and tif_aux.c                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-16232                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-17973      |          |                           |                  | libtiff: heap-based use after                                |
|                  |                     |          |                           |                  | free in tiff2pdf.c:t2p_writeproc                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-17973                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-5563       |          |                           |                  | libtiff: Heap-buffer overflow                                |
|                  |                     |          |                           |                  | in LZWEncode tif_lzw.c                                       |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-5563                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2017-9117       |          |                           |                  | libtiff: Heap-based buffer                                   |
|                  |                     |          |                           |                  | over-read in bmp2tiff                                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-9117                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-10126      |          |                           |                  | libtiff: NULL pointer dereference                            |
|                  |                     |          |                           |                  | in the jpeg_fdct_16x16                                       |
|                  |                     |          |                           |                  | function in jfdctint.c                                       |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-10126                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-35521      |          |                           |                  | libtiff: Memory allocation                                   |
|                  |                     |          |                           |                  | failure in tiff2rgba                                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-35521                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-35522      |          |                           |                  | libtiff: Memory allocation                                   |
|                  |                     |          |                           |                  | failure in tiff2rgba                                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-35522                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libudev1         | CVE-2019-3843       | HIGH     | 241-7~deb10u8             |                  | systemd: services with DynamicUser                           |
|                  |                     |          |                           |                  | can create SUID/SGID binaries                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-3843                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-3844       |          |                           |                  | systemd: services with DynamicUser                           |
|                  |                     |          |                           |                  | can get new privileges and                                   |
|                  |                     |          |                           |                  | create SGID binaries...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-3844                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2013-4392       | LOW      |                           |                  | systemd: TOCTOU race condition                               |
|                  |                     |          |                           |                  | when updating file permissions                               |
|                  |                     |          |                           |                  | and SELinux security contexts...                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2013-4392                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-20386      |          |                           |                  | systemd: memory leak in button_open()                        |
|                  |                     |          |                           |                  | in login/logind-button.c when                                |
|                  |                     |          |                           |                  | udev events are received...                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-20386                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-13529      |          |                           |                  | systemd: DHCP FORCERENEW                                     |
|                  |                     |          |                           |                  | authentication not implemented                               |
|                  |                     |          |                           |                  | can cause a system running the...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-13529                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-13776      |          |                           |                  | systemd: Mishandles numerical                                |
|                  |                     |          |                           |                  | usernames beginning with decimal                             |
|                  |                     |          |                           |                  | digits or 0x followed by...                                  |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-13776                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libuuid1         | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| libwebp6         | CVE-2016-9085       |          | 0.6.1-2+deb10u1           |                  | libwebp: Several integer overflows                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2016-9085                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libxml2          | CVE-2017-16932      | HIGH     | 2.9.4+dfsg1-7+deb10u2     |                  | libxml2: Infinite recursion                                  |
|                  |                     |          |                           |                  | in parameter entities                                        |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2017-16932                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2016-9318       | MEDIUM   |                           |                  | libxml2: XML External                                        |
|                  |                     |          |                           |                  | Entity vulnerability                                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2016-9318                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| libxslt1.1       | CVE-2015-9019       | LOW      | 1.1.32-2.2~deb10u1        |                  | libxslt: math.random() in                                    |
|                  |                     |          |                           |                  | xslt uses unseeded randomness                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2015-9019                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| login            | CVE-2007-5686       |          | 1:4.5-1.1                 |                  | initscripts in rPath Linux 1                                 |
|                  |                     |          |                           |                  | sets insecure permissions for                                |
|                  |                     |          |                           |                  | the /var/log/btmp file,...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2013-4235       |          |                           |                  | shadow-utils: TOCTOU race                                    |
|                  |                     |          |                           |                  | conditions by copying and                                    |
|                  |                     |          |                           |                  | removing directory trees                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-7169       |          |                           |                  | shadow-utils: newgidmap                                      |
|                  |                     |          |                           |                  | allows unprivileged user to                                  |
|                  |                     |          |                           |                  | drop supplementary groups                                    |
|                  |                     |          |                           |                  | potentially allowing privilege...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-19882      |          |                           |                  | shadow-utils: local users can                                |
|                  |                     |          |                           |                  | obtain root access because setuid                            |
|                  |                     |          |                           |                  | programs are misconfigured...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | TEMP-0628843-DBAD28 |          |                           |                  | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| mount            | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| nginx            | CVE-2021-3618       | HIGH     | 1.21.1-1~buster           |                  | ALPACA: Application Layer                                    |
|                  |                     |          |                           |                  | Protocol Confusion - Analyzing                               |
|                  |                     |          |                           |                  | and Mitigating Cracks in TLS...                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3618                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2020-36309      | MEDIUM   |                           |                  | ngx_http_lua_module (aka                                     |
|                  |                     |          |                           |                  | lua-nginx-module) before                                     |
|                  |                     |          |                           |                  | 0.10.16 in OpenResty allows                                  |
|                  |                     |          |                           |                  | unsafe characters in an...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2020-36309                        |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2009-4487       | LOW      |                           |                  | nginx: Absent sanitation of                                  |
|                  |                     |          |                           |                  | escape sequences in web server log                           |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2009-4487                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2013-0337       |          |                           |                  | The default configuration of nginx,                          |
|                  |                     |          |                           |                  | possibly 1.3.13 and earlier, uses                            |
|                  |                     |          |                           |                  | world-readable permissions...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2013-0337                         |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+
| openssl          | CVE-2021-3711       | HIGH     | 1.1.1d-0+deb10u6          | 1.1.1d-0+deb10u7 | openssl: SM2 Decryption                                      |
|                  |                     |          |                           |                  | Buffer Overflow                                              |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3711                         |
+                  +---------------------+----------+                           +                  +--------------------------------------------------------------+
|                  | CVE-2021-3712       | MEDIUM   |                           |                  | openssl: Read buffer overruns                                |
|                  |                     |          |                           |                  | processing ASN.1 strings                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-3712                         |
+                  +---------------------+----------+                           +------------------+--------------------------------------------------------------+
|                  | CVE-2007-6755       | LOW      |                           |                  | Dual_EC_DRBG: weak pseudo                                    |
|                  |                     |          |                           |                  | random number generator                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2007-6755                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2010-0928       |          |                           |                  | openssl: RSA authentication weakness                         |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2010-0928                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| passwd           | CVE-2007-5686       |          | 1:4.5-1.1                 |                  | initscripts in rPath Linux 1                                 |
|                  |                     |          |                           |                  | sets insecure permissions for                                |
|                  |                     |          |                           |                  | the /var/log/btmp file,...                                   |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2007-5686                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2013-4235       |          |                           |                  | shadow-utils: TOCTOU race                                    |
|                  |                     |          |                           |                  | conditions by copying and                                    |
|                  |                     |          |                           |                  | removing directory trees                                     |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2013-4235                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2018-7169       |          |                           |                  | shadow-utils: newgidmap                                      |
|                  |                     |          |                           |                  | allows unprivileged user to                                  |
|                  |                     |          |                           |                  | drop supplementary groups                                    |
|                  |                     |          |                           |                  | potentially allowing privilege...                            |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2018-7169                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-19882      |          |                           |                  | shadow-utils: local users can                                |
|                  |                     |          |                           |                  | obtain root access because setuid                            |
|                  |                     |          |                           |                  | programs are misconfigured...                                |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-19882                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | TEMP-0628843-DBAD28 |          |                           |                  | -->security-tracker.debian.org/tracker/TEMP-0628843-DBAD28   |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| perl-base        | CVE-2011-4116       |          | 5.28.1-6+deb10u1          |                  | perl: File::Temp insecure                                    |
|                  |                     |          |                           |                  | temporary file handling                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2011-4116                         |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| sysvinit-utils   | TEMP-0517018-A83CE6 |          | 2.93-8                    |                  | -->security-tracker.debian.org/tracker/TEMP-0517018-A83CE6   |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| tar              | CVE-2005-2541       |          | 1.30+dfsg-6               |                  | tar: does not properly warn the user                         |
|                  |                     |          |                           |                  | when extracting setuid or setgid...                          |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2005-2541                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2019-9923       |          |                           |                  | tar: null-pointer dereference                                |
|                  |                     |          |                           |                  | in pax_decode_header in sparse.c                             |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2019-9923                         |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | CVE-2021-20193      |          |                           |                  | tar: Memory leak in                                          |
|                  |                     |          |                           |                  | read_header() in list.c                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-20193                        |
+                  +---------------------+          +                           +------------------+--------------------------------------------------------------+
|                  | TEMP-0290435-0B57B5 |          |                           |                  | -->security-tracker.debian.org/tracker/TEMP-0290435-0B57B5   |
+------------------+---------------------+          +---------------------------+------------------+--------------------------------------------------------------+
| util-linux       | CVE-2021-37600      |          | 2.33.1-0.1                |                  | util-linux: integer overflow                                 |
|                  |                     |          |                           |                  | can lead to buffer overflow                                  |
|                  |                     |          |                           |                  | in get_sem_elements() in                                     |
|                  |                     |          |                           |                  | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                  | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+------------------+--------------------------------------------------------------+

sysnet4admin/chk-info

[root@m-k8s ~]# trivy image sysnet4admin/chk-info
2021-08-28T07:47:35.046+0900    INFO    Detected OS: debian
2021-08-28T07:47:35.051+0900    INFO    Detecting Debian vulnerabilities...
2021-08-28T07:47:35.161+0900    INFO    Number of language-specific files: 1

sysnet4admin/chk-info (debian 10.9)
===================================
Total: 209 (UNKNOWN: 1, LOW: 129, MEDIUM: 22, HIGH: 40, CRITICAL: 17)

+------------------+---------------------+----------+---------------------------+-----------------------+--------------------------------------------------------------+
|     LIBRARY      |  VULNERABILITY ID   | SEVERITY |     INSTALLED VERSION     |     FIXED VERSION     |                            TITLE                             |
+------------------+---------------------+----------+---------------------------+-----------------------+--------------------------------------------------------------+
| apt              | CVE-2011-3374       | LOW      | 1.8.2.3                   |                       | It was found that apt-key in apt,                            |
|                  |                     |          |                           |                       | all versions, do not correctly...                            |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+------------------+---------------------+          +---------------------------+-----------------------+--------------------------------------------------------------+
| bash             | CVE-2019-18276      |          | 5.0-4                     |                       | bash: when effective UID is not                              |
|                  |                     |          |                           |                       | equal to its real UID the...                                 |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-18276                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | TEMP-0841856-B18BAF |          |                           |                       | -->security-tracker.debian.org/tracker/TEMP-0841856-B18BAF   |
+------------------+---------------------+          +---------------------------+-----------------------+--------------------------------------------------------------+
| bsdutils         | CVE-2021-37600      |          | 2.33.1-0.1                |                       | util-linux: integer overflow                                 |
|                  |                     |          |                           |                       | can lead to buffer overflow                                  |
|                  |                     |          |                           |                       | in get_sem_elements() in                                     |
|                  |                     |          |                           |                       | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+          +---------------------------+-----------------------+--------------------------------------------------------------+
| coreutils        | CVE-2016-2781       |          | 8.30-3                    |                       | coreutils: Non-privileged                                    |
|                  |                     |          |                           |                       | session can escape to the                                    |
|                  |                     |          |                           |                       | parent session in chroot                                     |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2016-2781                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2017-18018      |          |                           |                       | coreutils: race condition                                    |
|                  |                     |          |                           |                       | vulnerability in chown and chgrp                             |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2017-18018                        |
+------------------+---------------------+----------+---------------------------+-----------------------+--------------------------------------------------------------+
| curl             | CVE-2021-22924      | HIGH     | 7.64.0-4+deb10u2          |                       | curl: Bad connection reuse                                   |
|                  |                     |          |                           |                       | due to flawed path name checks                               |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-22924                        |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-22898      | LOW      |                           |                       | curl: TELNET stack                                           |
|                  |                     |          |                           |                       | contents disclosure                                          |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-22898                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-22922      |          |                           |                       | curl: Content not matching hash                              |
|                  |                     |          |                           |                       | in Metalink is not being discarded                           |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-22922                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-22923      |          |                           |                       | curl: Metalink download                                      |
|                  |                     |          |                           |                       | sends credentials                                            |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-22923                        |
+------------------+---------------------+          +---------------------------+-----------------------+--------------------------------------------------------------+
| fdisk            | CVE-2021-37600      |          | 2.33.1-0.1                |                       | util-linux: integer overflow                                 |
|                  |                     |          |                           |                       | can lead to buffer overflow                                  |
|                  |                     |          |                           |                       | in get_sem_elements() in                                     |
|                  |                     |          |                           |                       | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+-----------------------+--------------------------------------------------------------+
| gcc-8-base       | CVE-2018-12886      | HIGH     | 8.3.0-6                   |                       | gcc: spilling of stack                                       |
|                  |                     |          |                           |                       | protection address in cfgexpand.c                            |
|                  |                     |          |                           |                       | and function.c leads to...                                   |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2018-12886                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-15847      |          |                           |                       | gcc: POWER9 "DARN" RNG intrinsic                             |
|                  |                     |          |                           |                       | produces repeated output                                     |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-15847                        |
+------------------+---------------------+----------+---------------------------+-----------------------+--------------------------------------------------------------+
| gpgv             | CVE-2019-14855      | LOW      | 2.2.12-1+deb10u1          |                       | gnupg2: OpenPGP Key Certification                            |
|                  |                     |          |                           |                       | Forgeries with SHA-1                                         |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-14855                        |
+------------------+---------------------+          +---------------------------+-----------------------+--------------------------------------------------------------+
| libapt-pkg5.0    | CVE-2011-3374       |          | 1.8.2.3                   |                       | It was found that apt-key in apt,                            |
|                  |                     |          |                           |                       | all versions, do not correctly...                            |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2011-3374                         |
+------------------+---------------------+          +---------------------------+-----------------------+--------------------------------------------------------------+
| libblkid1        | CVE-2021-37600      |          | 2.33.1-0.1                |                       | util-linux: integer overflow                                 |
|                  |                     |          |                           |                       | can lead to buffer overflow                                  |
|                  |                     |          |                           |                       | in get_sem_elements() in                                     |
|                  |                     |          |                           |                       | sys-utils/ipcutils.c...                                      |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-37600                        |
+------------------+---------------------+----------+---------------------------+-----------------------+--------------------------------------------------------------+
| libc-bin         | CVE-2021-33574      | CRITICAL | 2.28-10                   |                       | glibc: mq_notify does                                        |
|                  |                     |          |                           |                       | not handle separately                                        |
|                  |                     |          |                           |                       | allocated thread attributes                                  |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-33574                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-35942      |          |                           |                       | glibc: Arbitrary read in wordexp()                           |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-35942                        |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-1751       | HIGH     |                           |                       | glibc: array overflow in                                     |
|                  |                     |          |                           |                       | backtrace functions for powerpc                              |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-1752       |          |                           |                       | glibc: use-after-free in glob()                              |
|                  |                     |          |                           |                       | function when expanding ~user                                |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-3326       |          |                           |                       | glibc: Assertion failure in                                  |
|                  |                     |          |                           |                       | ISO-2022-JP-3 gconv module                                   |
|                  |                     |          |                           |                       | related to combining characters                              |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-25013      | MEDIUM   |                           |                       | glibc: buffer over-read in                                   |
|                  |                     |          |                           |                       | iconv when processing invalid                                |
|                  |                     |          |                           |                       | multi-byte input sequences in...                             |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-10029      |          |                           |                       | glibc: stack corruption                                      |
|                  |                     |          |                           |                       | from crafted input in cosl,                                  |
|                  |                     |          |                           |                       | sinl, sincosl, and tanl...                                   |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-27618      |          |                           |                       | glibc: iconv when processing                                 |
|                  |                     |          |                           |                       | invalid multi-byte input                                     |
|                  |                     |          |                           |                       | sequences fails to advance the...                            |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2010-4051       | LOW      |                           |                       | CVE-2010-4052 glibc: De-recursivise                          |
|                  |                     |          |                           |                       | regular expression engine                                    |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2010-4052       |          |                           |                       | CVE-2010-4051 CVE-2010-4052                                  |
|                  |                     |          |                           |                       | glibc: De-recursivise                                        |
|                  |                     |          |                           |                       | regular expression engine                                    |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2010-4052                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2010-4756       |          |                           |                       | glibc: glob implementation                                   |
|                  |                     |          |                           |                       | can cause excessive CPU and                                  |
|                  |                     |          |                           |                       | memory consumption due to...                                 |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2010-4756                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2016-10228      |          |                           |                       | glibc: iconv program can hang                                |
|                  |                     |          |                           |                       | when invoked with the -c option                              |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2016-10228                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2018-20796      |          |                           |                       | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |                       | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |                       | in posix/regexec.c                                           |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2018-20796                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010022    |          |                           |                       | glibc: stack guard protection bypass                         |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-1010022                      |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010023    |          |                           |                       | glibc: running ldd on malicious ELF                          |
|                  |                     |          |                           |                       | leads to code execution because of...                        |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-1010023                      |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010024    |          |                           |                       | glibc: ASLR bypass using                                     |
|                  |                     |          |                           |                       | cache of thread stack and heap                               |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-1010024                      |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-1010025    |          |                           |                       | glibc: information disclosure of heap                        |
|                  |                     |          |                           |                       | addresses of pthread_created thread                          |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-1010025                      |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-19126      |          |                           |                       | glibc: LD_PREFER_MAP_32BIT_EXEC                              |
|                  |                     |          |                           |                       | not ignored in setuid binaries                               |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-19126                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-9192       |          |                           |                       | glibc: uncontrolled recursion in                             |
|                  |                     |          |                           |                       | function check_dst_limits_calc_pos_1                         |
|                  |                     |          |                           |                       | in posix/regexec.c                                           |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-9192                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-6096       |          |                           |                       | glibc: signed comparison                                     |
|                  |                     |          |                           |                       | vulnerability in the                                         |
|                  |                     |          |                           |                       | ARMv7 memcpy function                                        |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-6096                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-27645      |          |                           |                       | glibc: Use-after-free in                                     |
|                  |                     |          |                           |                       | addgetnetgrentX function                                     |
|                  |                     |          |                           |                       | in netgroupcache.c                                           |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-27645                        |
+------------------+---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
| libc6            | CVE-2021-33574      | CRITICAL |                           |                       | glibc: mq_notify does                                        |
|                  |                     |          |                           |                       | not handle separately                                        |
|                  |                     |          |                           |                       | allocated thread attributes                                  |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-33574                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-35942      |          |                           |                       | glibc: Arbitrary read in wordexp()                           |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-35942                        |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-1751       | HIGH     |                           |                       | glibc: array overflow in                                     |
|                  |                     |          |                           |                       | backtrace functions for powerpc                              |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-1751                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-1752       |          |                           |                       | glibc: use-after-free in glob()                              |
|                  |                     |          |                           |                       | function when expanding ~user                                |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-1752                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2021-3326       |          |                           |                       | glibc: Assertion failure in                                  |
|                  |                     |          |                           |                       | ISO-2022-JP-3 gconv module                                   |
|                  |                     |          |                           |                       | related to combining characters                              |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2021-3326                         |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2019-25013      | MEDIUM   |                           |                       | glibc: buffer over-read in                                   |
|                  |                     |          |                           |                       | iconv when processing invalid                                |
|                  |                     |          |                           |                       | multi-byte input sequences in...                             |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2019-25013                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-10029      |          |                           |                       | glibc: stack corruption                                      |
|                  |                     |          |                           |                       | from crafted input in cosl,                                  |
|                  |                     |          |                           |                       | sinl, sincosl, and tanl...                                   |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-10029                        |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2020-27618      |          |                           |                       | glibc: iconv when processing                                 |
|                  |                     |          |                           |                       | invalid multi-byte input                                     |
|                  |                     |          |                           |                       | sequences fails to advance the...                            |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2020-27618                        |
+                  +---------------------+----------+                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2010-4051       | LOW      |                           |                       | CVE-2010-4052 glibc: De-recursivise                          |
|                  |                     |          |                           |                       | regular expression engine                                    |
|                  |                     |          |                           |                       | -->avd.aquasec.com/nvd/cve-2010-4051                         |
+                  +---------------------+          +                           +-----------------------+--------------------------------------------------------------+
|                  | CVE-2010-4052       |          |                           |                       | CVE-2010-4051 CVE-2010-4052                                  |
|                  |                     |          |                           |                       | glibc: De-recursivise                                        |