docker pull docker.elastic.co/enterprise-search/enterprise-search:8.6.2-arm64| CVE | Package | Version | Description |
|---|---|---|---|
| CVE-2022-48303 | tar | 1.29b-2ubuntu0.3 | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. |
| CVE-2023-24329 | python2.7 | 2.7.17-1~18.04ubuntu1.10 | An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. |
| CVE-2021-37750 | krb5 | 1.16-2ubuntu0.3 | The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. |
| CVE-2021-36222 | krb5 | 1.16-2ubuntu0.3 | ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. |
| CVE-2023-23916 | curl | 7.58.0-2ubuntu3.22 | An allocation of resources without limits or throttling vulnerability exists in curl |
| CVE-2023-27535 | curl | 7.58.0-2ubuntu3.22 | FTP too eager connection reuse |
| CVE-2020-13844 | gcc-7 | 7.5.0-3ubuntu1~18.04 | Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." |
| CVE-2021-31879 | wget | 1.19.4-1ubuntu2.2 | GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007. |
| CVE-2022-3821 | systemd | 237-3ubuntu10.56 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. |
| CVE-2020-13844 | gcc-8 | 8.4.0-1ubuntu1~18.04 | Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." |
| CVE-2019-9513 | nghttp2 | 1.30.0-1ubuntu1 | Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU. |
| CVE-2019-9511 | nghttp2 | 1.30.0-1ubuntu1 | Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both. |
| CVE | Package | Version | Description |
|---|---|---|---|
| CVE-2022-3857 | libpng1.6 | 1.6.34-1ubuntu0.18.04.2 | A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function. |
| CVE-2018-14048 | libpng1.6 | 1.6.34-1ubuntu0.18.04.2 | An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. |
| CVE-2023-27536 | curl | 7.58.0-2ubuntu3.22 | GSS delegation too eager connection re-use |
| CVE-2023-27538 | curl | 7.58.0-2ubuntu3.22 | SSH connection too eager reuse still |
| CVE-2023-27533 | curl | 7.58.0-2ubuntu3.22 | TELNET option IAC injection |
| CVE-2023-27534 | curl | 7.58.0-2ubuntu3.22 | SFTP path ~ resolving discrepancy |
| CVE-2020-13776 | systemd | 237-3ubuntu10.56 | systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. |
| CVE-2023-26604 | systemd | 237-3ubuntu10.56 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. |
| CVE-2013-4235 | shadow | 1:4.5-1ubuntu2.5 | shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees |
| CVE-2018-20673 | binutils | 2.30-21ubuntu1~18.04.8 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for "Create an array for saving the template argument values") that can trigger a heap-based buffer overflow, as demonstrated by nm. |
| CVE-2021-46195 | binutils | 2.30-21ubuntu1~18.04.8 | GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c. This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. |
| CVE-2017-13716 | binutils | 2.30-21ubuntu1~18.04.8 | The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd). |
| CVE-2019-1010204 | binutils | 2.30-21ubuntu1~18.04.8 | GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. |
| CVE-2020-25697 | libx11 | 2:1.6.4-3ubuntu0.4 | A privilege escalation flaw was found due to lack of authentication for X11 clients. An attacker could use this flaw to take control of an X application by impersonating the server it is expecting to connect to. |
| CVE-2022-3219 | gnupg2 | 2.2.4-1ubuntu1.6 | GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. |
| CVE-2016-2781 | coreutils | 8.28-1ubuntu1 | chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. |
| CVE-2018-16868 | gnutls28 | 3.5.18-1ubuntu1.6 | A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server. |
| CVE-2018-10906 | fuse | 2.9.7-1ubuntu1 | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects. |
| CVE-2016-10739 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings. |
| CVE | Package | Version | Description |
|---|---|---|---|
| CVE-2021-45261 | patch | 2.7.6-2ubuntu1.1 | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service. |
| CVE-2018-6952 | patch | 2.7.6-2ubuntu1.1 | A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. |
| CVE-2018-5709 | krb5 | 1.16-2ubuntu0.3 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data. |
| CVE-2021-39537 | ncurses | 6.1-1ubuntu1.18.04 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. |
| CVE-2022-29458 | ncurses | 6.1-1ubuntu1.18.04 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
| CVE-2019-17594 | ncurses | 6.1-1ubuntu1.18.04 | There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
| CVE-2019-17595 | ncurses | 6.1-1ubuntu1.18.04 | There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012. |
| CVE-2018-1000654 | libtasn1-6 | 4.13-2 | GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file. |
| CVE-2021-45078 | binutils | 2.30-21ubuntu1~18.04.8 | stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. |
| CVE-2018-20657 | binutils | 2.30-21ubuntu1~18.04.8 | The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. |
| CVE-2017-11164 | pcre3 | 2:8.39-9ubuntu0.1 | In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression. |
| CVE-2018-20796 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep. |
| CVE-2019-7309 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled. |
| CVE-2009-5155 | glibc | 2.27-3ubuntu1.6 | In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. |
| CVE-2015-8985 | glibc | 2.27-3ubuntu1.6 | The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing. |
| CVE-2016-20013 | glibc | 2.27-3ubuntu1.6 | sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password. |