Skip to content

GitLab

Open
Created by Administrator@rootMaintainer

Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Information Exposure

Created by: armorcodegithubpreprod[bot]

Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Information Exposure

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.2u-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl1.0 package. See How to fix? for Debian:9 relevant versions.

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.2l-2+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl1.0 package. See How to fix? for Debian:9 relevant versions.

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><8u162-b12-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openjdk-8 package. See How to fix? for Debian:9 relevant versions.

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><2:3.26.2-1.1+deb9u2
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream nss package. See How to fix? for Debian:9 relevant versions.

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><2.2.1-8+deb9u3
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream cups package. See How to fix? for Debian:9 relevant versions.

The session cookie generated by the CUPS web interface was easy to guess on Linux, allowing unauthorized scripted access to the web interface when the web interface is enabled. This issue affected versions prior to v2.2.10.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.1.0f-3+deb9u2
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See How to fix? for Debian:9 relevant versions.

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.1.0f-3+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See How to fix? for Debian:9 relevant versions.

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><8u151-b12-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openjdk-8 package. See How to fix? for Debian:9 relevant versions.

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><2:3.26.2-1.1+deb9u2
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream nss package. See How to fix? for Debian:9 relevant versions.

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><7.52.1-5+deb9u14
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Debian:9 relevant versions.

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><8u162-b12-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openjdk-8 package. See How to fix? for Debian:9 relevant versions.

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream nettle package.

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): >*
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream gnutls28 package.

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: mature
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.1.0j-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See How to fix? for Debian:9 relevant versions.

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.2r-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl1.0 package. See How to fix? for Debian:9 relevant versions.

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.7.6-2+deb9u3
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcrypt20 package. See How to fix? for Debian:9 relevant versions.

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><7.52.1-5+deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Debian:9 relevant versions.

When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn't restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl's redirect protocols with --proto-redir and libcurl's with CURLOPT_REDIR_PROTOCOLS.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: mature
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.2q-1~deb9u1
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl1.0 package. See How to fix? for Debian:9 relevant versions.

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active

Component Details

  • Exploit Maturity: no-known-exploit
  • Vulnerable Package: -
  • Current Version: -
  • Vulnerable Version(s): ><1.0.2l-2+deb9u2
  • Vulnerable Path: >null

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl1.0 package. See How to fix? for Debian:9 relevant versions.

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

References

Origin : null Type : null Image Id : null

Snyk Project Status: Active