forked from kmmanoj96/vulnerable-apis
cx_result.sarif
1 lines (1 loc) · 467 KB
{"$schema":"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"Checkmarx One","version":"1.0","informationUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","rules":[{"id":"487f4be7-3fd9-4506-a07a-eae252180c08 [Taken from query_id] (kics)","name":"Passwords And Secrets - Generic Password","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Query to find passwords and secrets in infrastructure code. Value: Hardcoded secret key appears in source Excepted value: Hardcoded secret key should not appear in source","markdown":"Query to find passwords and secrets in infrastructure code. \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eValue:\u003c/strong\u003e Hardcoded secret key appears in source \u003cbr\u003e\u003cstrong\u003eExcepted value:\u003c/strong\u003e Hardcoded secret key should not appear in source"},"fullDescription":{"text":"Query to find passwords and secrets in infrastructure code. Value: Hardcoded secret key appears in source Excepted value: Hardcoded secret key should not appear in source"},"properties":{"security-severity":"9.0","name":"Passwords And Secrets - Generic Password","id":"487f4be7-3fd9-4506-a07a-eae252180c08 [Taken from query_id] (kics)","description":"Query to find passwords and secrets in infrastructure code. Value: Hardcoded secret key appears in source Excepted value: Hardcoded secret key should not appear in source","tags":["security","checkmarx","kics"]}},{"id":"17810866942529238742 (sast)","name":"SQL Injection","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The application\u0026#39;s retrieve method executes an SQL query with execute, at line 45 of /src/core/db.py. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. 
The concatenated string is submitted to the database, where it is parsed and executed accordingly.\n\nAn attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input headers; this input is then read by the admin_credit method at line 315 of /src/main.py. This input then flows through the code, into a query and to the database server - without sanitization.\r\n\r\nThis may enable an SQL Injection attack.\n\n","markdown":"The application\u0026#39;s retrieve method executes an SQL query with execute, at line 45 of /src/core/db.py. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.\n\nAn attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input headers; this input is then read by the admin_credit method at line 315 of /src/main.py. This input then flows through the code, into a query and to the database server - without sanitization.\r\n\r\nThis may enable an SQL Injection attack.\n\n"},"fullDescription":{"text":"The application\u0026#39;s retrieve method executes an SQL query with execute, at line 45 of /src/core/db.py. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.\n\nAn attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input headers; this input is then read by the admin_credit method at line 315 of /src/main.py. 
This input then flows through the code, into a query and to the database server - without sanitization.\r\n\r\nThis may enable an SQL Injection attack.\n\n"},"properties":{"security-severity":"9.0","name":"SQL Injection","id":"17810866942529238742 (sast)","description":"The application\u0026#39;s retrieve method executes an SQL query with execute, at line 45 of /src/core/db.py. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.\n\nAn attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input headers; this input is then read by the admin_credit method at line 315 of /src/main.py. This input then flows through the code, into a query and to the database server - without sanitization.\r\n\r\nThis may enable an SQL Injection attack.\n\n","tags":["security","checkmarx","sast"]}},{"id":"fd54f200-402c-4333-a5a4-36ef6709af2f [Taken from query_id] (kics)","name":"Missing User Instruction","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A user should be specified in the dockerfile, otherwise the image will run as root Value: The 'Dockerfile' does not contain any 'USER' instruction Excepted value: The 'Dockerfile' should contain the 'USER' instruction","markdown":"A user should be specified in the dockerfile, otherwise the image will run as root \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eValue:\u003c/strong\u003e The 'Dockerfile' does not contain any 'USER' instruction \u003cbr\u003e\u003cstrong\u003eExcepted value:\u003c/strong\u003e The 'Dockerfile' should contain the 'USER' instruction"},"fullDescription":{"text":"A user should be specified in the dockerfile, otherwise the image will run as root Value: The 'Dockerfile' does not contain any 'USER' instruction Excepted 
value: The 'Dockerfile' should contain the 'USER' instruction"},"properties":{"security-severity":"7.0","name":"Missing User Instruction","id":"fd54f200-402c-4333-a5a4-36ef6709af2f [Taken from query_id] (kics)","description":"A user should be specified in the dockerfile, otherwise the image will run as root Value: The 'Dockerfile' does not contain any 'USER' instruction Excepted value: The 'Dockerfile' should contain the 'USER' instruction","tags":["security","checkmarx","kics"]}},{"id":"CVE-2005-2541 (sca)","name":"Cve20052541","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.","markdown":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."},"fullDescription":{"text":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."},"properties":{"security-severity":"7.0","name":"Cve20052541","id":"CVE-2005-2541 (sca)","description":"Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2008-1687 (sca)","name":"Cve20081687","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.","markdown":"The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow 
context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename."},"fullDescription":{"text":"The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename."},"properties":{"security-severity":"7.0","name":"Cve20081687","id":"CVE-2008-1687 (sca)","description":"The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2008-1688 (sca)","name":"Cve20081688","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.","markdown":"Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries."},"fullDescription":{"text":"Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. 
NOTE: it is not clear when this issue crosses privilege boundaries."},"properties":{"security-severity":"7.0","name":"Cve20081688","id":"CVE-2008-1688 (sca)","description":"Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2008-4609 (sca)","name":"Cve20084609","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.","markdown":"The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."},"fullDescription":{"text":"The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress."},"properties":{"security-severity":"7.0","name":"Cve20084609","id":"CVE-2008-4609 (sca)","description":"The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection 
queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2009-3546 (sca)","name":"Cve20093546","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.","markdown":"The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information."},"fullDescription":{"text":"The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. 
NOTE: some of these details are obtained from third party information."},"properties":{"security-severity":"7.0","name":"Cve20093546","id":"CVE-2009-3546 (sca)","description":"The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293. NOTE: some of these details are obtained from third party information.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2013-7445 (sca)","name":"Cve20137445","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.","markdown":"The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox."},"fullDescription":{"text":"The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or 
Firefox."},"properties":{"security-severity":"7.0","name":"Cve20137445","id":"CVE-2013-7445 (sca)","description":"The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9113 (sca)","name":"Cve20169113","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u0026gt;comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.","markdown":"There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u0026gt;comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service."},"fullDescription":{"text":"There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u0026gt;comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service."},"properties":{"security-severity":"7.0","name":"Cve20169113","id":"CVE-2016-9113 (sca)","description":"There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image-\u0026gt;comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9114 (sca)","name":"Cve20169114","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. 
image-\u0026gt;comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.","markdown":"There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u0026gt;comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service."},"fullDescription":{"text":"There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u0026gt;comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service."},"properties":{"security-severity":"7.0","name":"Cve20169114","id":"CVE-2016-9114 (sca)","description":"There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image-\u0026gt;comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9580 (sca)","name":"Cve20169580","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.","markdown":"An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow."},"fullDescription":{"text":"An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow."},"properties":{"security-severity":"7.0","name":"Cve20169580","id":"CVE-2016-9580 (sca)","description":"An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9581 (sca)","name":"Cve20169581","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in 
convert_32s_C1P1 was found in openjpeg 2.1.2.","markdown":"An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2."},"fullDescription":{"text":"An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2."},"properties":{"security-severity":"7.0","name":"Cve20169581","id":"CVE-2016-9581 (sca)","description":"An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9918 (sca)","name":"Cve20169918","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, an out-of-bounds read was identified in \u0026#34;packet_hexdump\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","markdown":"In BlueZ 5.42, an out-of-bounds read was identified in \u0026#34;packet_hexdump\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."},"fullDescription":{"text":"In BlueZ 5.42, an out-of-bounds read was identified in \u0026#34;packet_hexdump\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."},"properties":{"security-severity":"7.0","name":"Cve20169918","id":"CVE-2016-9918 (sca)","description":"In BlueZ 5.42, an out-of-bounds read was identified in \u0026#34;packet_hexdump\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. 
This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-16232 (sca)","name":"Cve201716232","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.","markdown":"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue."},"fullDescription":{"text":"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue."},"properties":{"security-severity":"7.0","name":"Cve201716232","id":"CVE-2017-16232 (sca)","description":"** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-17479 (sca)","name":"Cve201717479","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. 
The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.","markdown":"In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."},"fullDescription":{"text":"In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."},"properties":{"security-severity":"7.0","name":"Cve201717479","id":"CVE-2017-17479 (sca)","description":"In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-17973 (sca)","name":"Cve201717973","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.","markdown":"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue."},"fullDescription":{"text":"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. 
NOTE: there is a third-party report of inability to reproduce this issue."},"properties":{"security-severity":"7.0","name":"Cve201717973","id":"CVE-2017-17973 (sca)","description":"** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-5563 (sca)","name":"Cve20175563","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.","markdown":"LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."},"fullDescription":{"text":"LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff."},"properties":{"security-severity":"7.0","name":"Cve20175563","id":"CVE-2017-5563 (sca)","description":"LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-9117 (sca)","name":"Cve20179117","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.","markdown":"In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff."},"fullDescription":{"text":"In 
LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff."},"properties":{"security-severity":"7.0","name":"Cve20179117","id":"CVE-2017-9117 (sca)","description":"In LibTIFF 4.0.7, the program processes BMP images without verifying that biWidth and biHeight in the bitmap-information header match the actual input, leading to a heap-based buffer over-read in bmp2tiff.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-1000021 (sca)","name":"Cve20181000021","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).","markdown":"GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack)."},"fullDescription":{"text":"GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack)."},"properties":{"security-severity":"7.0","name":"Cve20181000021","id":"CVE-2018-1000021 (sca)","description":"GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. 
This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-16375 (sca)","name":"Cve201816375","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.","markdown":"An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow."},"fullDescription":{"text":"An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow."},"properties":{"security-severity":"7.0","name":"Cve201816375","id":"CVE-2018-16375 (sca)","description":"An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-16376 (sca)","name":"Cve201816376","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.","markdown":"An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. 
The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact."},"fullDescription":{"text":"An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact."},"properties":{"security-severity":"7.0","name":"Cve201816376","id":"CVE-2018-16376 (sca)","description":"An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-18483 (sca)","name":"Cve201818483","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.","markdown":"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt."},"fullDescription":{"text":"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by 
c++filt."},"properties":{"security-severity":"7.0","name":"Cve201818483","id":"CVE-2018-18483 (sca)","description":"The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-20796 (sca)","name":"Cve201820796","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+\u0026#39; in grep.","markdown":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+\u0026#39; in grep."},"fullDescription":{"text":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+\u0026#39; in grep."},"properties":{"security-severity":"7.0","name":"Cve201820796","id":"CVE-2018-20796 (sca)","description":"In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+\u0026#39; in grep.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-5709 (sca)","name":"Cve20185709","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. 
There is a variable \u0026#34;dbentry-\u0026gt;n_key_data\u0026#34; in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \u0026#34;u4\u0026#34; variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.","markdown":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \u0026#34;dbentry-\u0026gt;n_key_data\u0026#34; in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \u0026#34;u4\u0026#34; variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data."},"fullDescription":{"text":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \u0026#34;dbentry-\u0026gt;n_key_data\u0026#34; in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \u0026#34;u4\u0026#34; variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data."},"properties":{"security-severity":"7.0","name":"Cve20185709","id":"CVE-2018-5709 (sca)","description":"An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \u0026#34;dbentry-\u0026gt;n_key_data\u0026#34; in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \u0026#34;u4\u0026#34; variable to it, which is for 32-bit data. 
An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-6829 (sca)","name":"Cve20186829","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt\u0026#39;s ElGamal implementation.","markdown":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt\u0026#39;s ElGamal implementation."},"fullDescription":{"text":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt\u0026#39;s ElGamal implementation."},"properties":{"security-severity":"7.0","name":"Cve20186829","id":"CVE-2018-6829 (sca)","description":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). 
The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt\u0026#39;s ElGamal implementation.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-6951 (sca)","name":"Cve20186951","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \u0026#34;mangled rename\u0026#34; issue.","markdown":"An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \u0026#34;mangled rename\u0026#34; issue."},"fullDescription":{"text":"An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \u0026#34;mangled rename\u0026#34; issue."},"properties":{"security-severity":"7.0","name":"Cve20186951","id":"CVE-2018-6951 (sca)","description":"An issue was discovered in GNU patch through 2.7.6. 
There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a \u0026#34;mangled rename\u0026#34; issue.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-6952 (sca)","name":"Cve20186952","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.","markdown":"A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."},"fullDescription":{"text":"A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6."},"properties":{"security-severity":"7.0","name":"Cve20186952","id":"CVE-2018-6952 (sca)","description":"A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-1010022 (sca)","name":"Cve20191010022","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;","markdown":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. 
The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;"},"properties":{"security-severity":"7.0","name":"Cve20191010022","id":"CVE-2019-1010022 (sca)","description":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-1010023 (sca)","name":"Cve20191010023","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;","markdown":"** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. 
NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;"},"properties":{"security-severity":"7.0","name":"Cve20191010023","id":"CVE-2019-1010023 (sca)","description":"** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12456 (sca)","name":"Cve201912456","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \u0026#34;double fetch\u0026#34; vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.","markdown":"** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. 
It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \u0026#34;double fetch\u0026#34; vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \u0026#34;double fetch\u0026#34; vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used."},"properties":{"security-severity":"7.0","name":"Cve201912456","id":"CVE-2019-12456 (sca)","description":"** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a \u0026#34;double fetch\u0026#34; vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-19070 (sca)","name":"Cve201919070","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. 
NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.","markdown":"** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began."},"fullDescription":{"text":"** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began."},"properties":{"security-severity":"7.0","name":"Cve201919070","id":"CVE-2019-19070 (sca)","description":"** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. 
NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-19814 (sca)","name":"Cve201919814","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.","markdown":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this."},"fullDescription":{"text":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this."},"properties":{"security-severity":"7.0","name":"Cve201919814","id":"CVE-2019-19814 (sca)","description":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-9192 (sca)","name":"Cve20199192","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(|)(\\\\1\\\\1)*\u0026#39; in grep, a different issue than CVE-2018-20796. 
NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.","markdown":"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(|)(\\\\1\\\\1)*\u0026#39; in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern."},"fullDescription":{"text":"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(|)(\\\\1\\\\1)*\u0026#39; in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern."},"properties":{"security-severity":"7.0","name":"Cve20199192","id":"CVE-2019-9192 (sca)","description":"** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by \u0026#39;(|)(\\\\1\\\\1)*\u0026#39; in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-36325 (sca)","name":"Cve202036325","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in Jansson. Due to a parsing error in json_loads, there\u0026#39;s an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.","markdown":"** DISPUTED ** An issue was discovered in Jansson. Due to a parsing error in json_loads, there\u0026#39;s an out-of-bounds read-access bug. 
NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in Jansson. Due to a parsing error in json_loads, there\u0026#39;s an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification."},"properties":{"security-severity":"7.0","name":"Cve202036325","id":"CVE-2020-36325 (sca)","description":"** DISPUTED ** An issue was discovered in Jansson. Due to a parsing error in json_loads, there\u0026#39;s an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-20311 (sca)","name":"Cve202120311","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in ImageMagick in versions 6.x before 6.9.12-2 and 7.x before 7.0.11-2, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.","markdown":"A flaw was found in ImageMagick in versions 6.x before 6.9.12-2 and 7.x before 7.0.11-2, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. 
The highest threat from this vulnerability is to system availability."},"fullDescription":{"text":"A flaw was found in ImageMagick in versions 6.x before 6.9.12-2 and 7.x before 7.0.11-2, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability."},"properties":{"security-severity":"7.0","name":"Cve202120311","id":"CVE-2021-20311 (sca)","description":"A flaw was found in ImageMagick in versions 6.x before 6.9.12-2 and 7.x before 7.0.11-2, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-3610 (sca)","name":"Cve20213610","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 and in ImageMagick6 versions prior to 6.9.12-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.","markdown":"A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 and in ImageMagick6 versions prior to 6.9.12-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault."},"fullDescription":{"text":"A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 and in ImageMagick6 versions prior to 6.9.12-14 in ReadTIFFImage() in coders/tiff.c. 
This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault."},"properties":{"security-severity":"7.0","name":"Cve20213610","id":"CVE-2021-3610 (sca)","description":"A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 and in ImageMagick6 versions prior to 6.9.12-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-3714 (sca)","name":"Cve20213714","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.","markdown":"A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged."},"fullDescription":{"text":"A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged."},"properties":{"security-severity":"7.0","name":"Cve20213714","id":"CVE-2021-3714 (sca)","description":"A flaw was found in the Linux kernels memory deduplication mechanism. 
Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-3847 (sca)","name":"Cve20213847","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.","markdown":"An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system."},"fullDescription":{"text":"An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system."},"properties":{"security-severity":"7.0","name":"Cve20213847","id":"CVE-2021-3847 (sca)","description":"An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. 
A local user could use this flaw to escalate their privileges on the system.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-3864 (sca)","name":"Cve20213864","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.","markdown":"A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges."},"fullDescription":{"text":"A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. 
As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges."},"properties":{"security-severity":"7.0","name":"Cve20213864","id":"CVE-2021-3864 (sca)","description":"A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-0400 (sca)","name":"Cve20220400","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.","markdown":"An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos."},"fullDescription":{"text":"An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos."},"properties":{"security-severity":"7.0","name":"Cve20220400","id":"CVE-2022-0400 (sca)","description":"An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-1247 
(sca)","name":"Cve20221247","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u0026gt;use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.","markdown":"An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u0026gt;use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero."},"fullDescription":{"text":"An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u0026gt;use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero."},"properties":{"security-severity":"7.0","name":"Cve20221247","id":"CVE-2022-1247 (sca)","description":"An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh-\u0026gt;use to represent how many objects are using the rose_neigh. 
When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-24975 (sca)","name":"Cve202224975","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The \u0026#34;--mirror\u0026#34; documentation for Git, versions through 2.35.1, does not mention the availability of deleted content, aka the \u0026#34;GitBleed\u0026#34; issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the \u0026#34;--mirror\u0026#34; option.","markdown":"The \u0026#34;--mirror\u0026#34; documentation for Git, versions through 2.35.1, does not mention the availability of deleted content, aka the \u0026#34;GitBleed\u0026#34; issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the \u0026#34;--mirror\u0026#34; option."},"fullDescription":{"text":"The \u0026#34;--mirror\u0026#34; documentation for Git, versions through 2.35.1, does not mention the availability of deleted content, aka the \u0026#34;GitBleed\u0026#34; issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the \u0026#34;--mirror\u0026#34; option."},"properties":{"security-severity":"7.0","name":"Cve202224975","id":"CVE-2022-24975 (sca)","description":"The \u0026#34;--mirror\u0026#34; documentation for Git, versions through 2.35.1, does not mention the availability of deleted content, aka the \u0026#34;GitBleed\u0026#34; issue. 
This could present a security risk if information-disclosure auditing processes rely on a clone operation without the \u0026#34;--mirror\u0026#34; option.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-29217 (sca)","name":"Cve202229217","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. This issue affects versions 1.5.0 through 2.3.0.","markdown":"PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. This issue affects versions 1.5.0 through 2.3.0."},"fullDescription":{"text":"PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. 
With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. This issue affects versions 1.5.0 through 2.3.0."},"properties":{"security-severity":"7.0","name":"Cve202229217","id":"CVE-2022-29217 (sca)","description":"PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. This issue affects versions 1.5.0 through 2.3.0.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-2961 (sca)","name":"Cve20222961","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.","markdown":"A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system."},"fullDescription":{"text":"A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system."},"properties":{"security-severity":"7.0","name":"Cve20222961","id":"CVE-2022-2961 (sca)","description":"A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-3238 (sca)","name":"Cve20223238","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.","markdown":"A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system."},"fullDescription":{"text":"A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. 
This flaw allows a local user to crash or potentially escalate their privileges on the system."},"properties":{"security-severity":"7.0","name":"Cve20223238","id":"CVE-2022-3238 (sca)","description":"A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-3522 (sca)","name":"Cve20223522","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019.","markdown":"A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019."},"fullDescription":{"text":"A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211019."},"properties":{"security-severity":"7.0","name":"Cve20223522","id":"CVE-2022-3522 (sca)","description":"A vulnerability was found in Linux Kernel and classified as problematic. This issue affects the function hugetlb_no_page of the file mm/hugetlb.c. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. 
The associated identifier of this vulnerability is VDB-211019.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-45884 (sca)","name":"Cve202245884","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.","markdown":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops."},"properties":{"security-severity":"7.0","name":"Cve202245884","id":"CVE-2022-45884 (sca)","description":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-45885 (sca)","name":"Cve202245885","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.","markdown":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.0.9. 
drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected."},"properties":{"security-severity":"7.0","name":"Cve202245885","id":"CVE-2022-45885 (sca)","description":"An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-48303 (sca)","name":"Cve202248303","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.","markdown":"GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."},"fullDescription":{"text":"GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters."},"properties":{"security-severity":"7.0","name":"Cve202248303","id":"CVE-2022-48303 (sca)","description":"GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. 
The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-24329 (sca)","name":"Cve202324329","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.","markdown":"An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters."},"fullDescription":{"text":"An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters."},"properties":{"security-severity":"7.0","name":"Cve202324329","id":"CVE-2023-24329 (sca)","description":"An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-25193 (sca)","name":"Cve202325193","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The file \u0026#34;hb-ot-layout-gsubgpos.hh\u0026#34; in HarfBuzz versions through 6.0.0 allows attackers to trigger \u0026#34;O(n^2)\u0026#34; growth via consecutive marks during the process of looking back for base glyphs when attaching marks.","markdown":"The file \u0026#34;hb-ot-layout-gsubgpos.hh\u0026#34; in HarfBuzz versions through 6.0.0 allows attackers to trigger \u0026#34;O(n^2)\u0026#34; growth via consecutive marks during the process of looking back for base glyphs when attaching marks."},"fullDescription":{"text":"The file \u0026#34;hb-ot-layout-gsubgpos.hh\u0026#34; in HarfBuzz versions through 6.0.0 allows attackers to trigger \u0026#34;O(n^2)\u0026#34; growth 
via consecutive marks during the process of looking back for base glyphs when attaching marks."},"properties":{"security-severity":"7.0","name":"Cve202325193","id":"CVE-2023-25193 (sca)","description":"The file \u0026#34;hb-ot-layout-gsubgpos.hh\u0026#34; in HarfBuzz versions through 6.0.0 allows attackers to trigger \u0026#34;O(n^2)\u0026#34; growth via consecutive marks during the process of looking back for base glyphs when attaching marks.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-25577 (sca)","name":"Cve202325577","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug\u0026#39;s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.","markdown":"Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug\u0026#39;s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. 
If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers."},"fullDescription":{"text":"Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug\u0026#39;s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers."},"properties":{"security-severity":"7.0","name":"Cve202325577","id":"CVE-2023-25577 (sca)","description":"Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug\u0026#39;s multipart form data parser will parse an unlimited number of parts, including file parts. 
Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-25652 (sca)","name":"Cve202325652","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Git is a revision control system. In git versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.","markdown":"Git is a revision control system. 
In git versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists."},"fullDescription":{"text":"Git is a revision control system. In git versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists."},"properties":{"security-severity":"7.0","name":"Cve202325652","id":"CVE-2023-25652 (sca)","description":"Git is a revision control system. 
In git versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-26242 (sca)","name":"Cve202326242","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.","markdown":"afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow."},"fullDescription":{"text":"afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow."},"properties":{"security-severity":"7.0","name":"Cve202326242","id":"CVE-2023-26242 (sca)","description":"afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-26965 (sca)","name":"Cve202326965","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The function \u0026#34;loadImage()\u0026#34; in \u0026#34;tools/tiffcrop.c\u0026#34; in LibTIFF versions through 4.5.0 has a heap-based use after free via a crafted TIFF image.","markdown":"The function 
\u0026#34;loadImage()\u0026#34; in \u0026#34;tools/tiffcrop.c\u0026#34; in LibTIFF versions through 4.5.0 has a heap-based use after free via a crafted TIFF image."},"fullDescription":{"text":"The function \u0026#34;loadImage()\u0026#34; in \u0026#34;tools/tiffcrop.c\u0026#34; in LibTIFF versions through 4.5.0 has a heap-based use after free via a crafted TIFF image."},"properties":{"security-severity":"7.0","name":"Cve202326965","id":"CVE-2023-26965 (sca)","description":"The function \u0026#34;loadImage()\u0026#34; in \u0026#34;tools/tiffcrop.c\u0026#34; in LibTIFF versions through 4.5.0 has a heap-based use after free via a crafted TIFF image.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-27103 (sca)","name":"Cve202327103","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.","markdown":"Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc."},"fullDescription":{"text":"Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc."},"properties":{"security-severity":"7.0","name":"Cve202327103","id":"CVE-2023-27103 (sca)","description":"Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-28464 (sca)","name":"Cve202328464","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. 
There is a double free that may lead to privilege escalation.","markdown":"hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation."},"fullDescription":{"text":"hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation."},"properties":{"security-severity":"7.0","name":"Cve202328464","id":"CVE-2023-28464 (sca)","description":"hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-28531 (sca)","name":"Cve202328531","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.","markdown":"ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints."},"fullDescription":{"text":"ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints."},"properties":{"security-severity":"7.0","name":"Cve202328531","id":"CVE-2023-28531 (sca)","description":"ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-29007 (sca)","name":"Cve202329007","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Git is a revision control system. 
In versions prior to 2.30.9, 2.31.x through 2.31.7, 2.32.x through 2.32.6, 2.33.x through 2.33.7, 2.34.x through 2.34.7, 2.35.x through 2.35.7, 2.36.x through 2.36.5, 2.37.x through 2.37.6, 2.38.x through 2.38.4, 2.39.x through 2.39.2, and 2.40.x through 2.40.0. a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0026#39;s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values that specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.","markdown":"Git is a revision control system. In versions prior to 2.30.9, 2.31.x through 2.31.7, 2.32.x through 2.32.6, 2.33.x through 2.33.7, 2.34.x through 2.34.7, 2.35.x through 2.35.7, 2.36.x through 2.36.5, 2.37.x through 2.37.6, 2.38.x through 2.38.4, 2.39.x through 2.39.2, and 2.40.x through 2.40.0. a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0026#39;s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values that specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. 
As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`."},"fullDescription":{"text":"Git is a revision control system. In versions prior to 2.30.9, 2.31.x through 2.31.7, 2.32.x through 2.32.6, 2.33.x through 2.33.7, 2.34.x through 2.34.7, 2.35.x through 2.35.7, 2.36.x through 2.36.5, 2.37.x through 2.37.6, 2.38.x through 2.38.4, 2.39.x through 2.39.2, and 2.40.x through 2.40.0. a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0026#39;s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values that specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`."},"properties":{"security-severity":"7.0","name":"Cve202329007","id":"CVE-2023-29007 (sca)","description":"Git is a revision control system. In versions prior to 2.30.9, 2.31.x through 2.31.7, 2.32.x through 2.32.6, 2.33.x through 2.33.7, 2.34.x through 2.34.7, 2.35.x through 2.35.7, 2.36.x through 2.36.5, 2.37.x through 2.37.6, 2.38.x through 2.38.4, 2.39.x through 2.39.2, and 2.40.x through 2.40.0. a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\u0026#39;s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. 
When the attacker injects configuration values that specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-30861 (sca)","name":"Cve202330861","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client\u0026#39;s `session` cookie to other clients. The severity depends on the application\u0026#39;s use of the session and the proxy\u0026#39;s behavior regarding cookies. The risk depends on all these conditions being met. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. The application sets `session.permanent = True`. The application does not access or modify the session at any point during a request. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue affects flask versions prior to 2.2.5, and 2.3.x prior to 2.3.2.","markdown":"Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. 
If the proxy also caches `Set-Cookie` headers, it may send one client\u0026#39;s `session` cookie to other clients. The severity depends on the application\u0026#39;s use of the session and the proxy\u0026#39;s behavior regarding cookies. The risk depends on all these conditions being met. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. The application sets `session.permanent = True`. The application does not access or modify the session at any point during a request. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue affects flask versions prior to 2.2.5, and 2.3.x prior to 2.3.2."},"fullDescription":{"text":"Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client\u0026#39;s `session` cookie to other clients. The severity depends on the application\u0026#39;s use of the session and the proxy\u0026#39;s behavior regarding cookies. The risk depends on all these conditions being met. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. The application sets `session.permanent = True`. The application does not access or modify the session at any point during a request. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. 
This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue affects flask versions prior to 2.2.5, and 2.3.x prior to 2.3.2."},"properties":{"security-severity":"7.0","name":"Cve202330861","id":"CVE-2023-30861 (sca)","description":"Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client\u0026#39;s `session` cookie to other clients. The severity depends on the application\u0026#39;s use of the session and the proxy\u0026#39;s behavior regarding cookies. The risk depends on all these conditions being met. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. The application sets `session.permanent = True`. The application does not access or modify the session at any point during a request. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue affects flask versions prior to 2.2.5, and 2.3.x prior to 2.3.2.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-34152 (sca)","name":"Cve202334152","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A vulnerability was found in ImageMagick. 
This security flaw causes a remote code execution vulnerability in OpenBlob with \u0026#34;--enable-pipes\u0026#34; configured.\n\nNOTE: This vulnerability is disputed by the maintainer but our analysis shows it is exploitable only when \u0026#34;OpenBlob\u0026#34; is configured with \u0026#34;--enable-pipes\u0026#34;. Please be sure to check your configuration and sanitize your input when using the \u0026#34;--enable-pipes\u0026#34; flag.","markdown":"A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with \u0026#34;--enable-pipes\u0026#34; configured.\n\nNOTE: This vulnerability is disputed by the maintainer but our analysis shows it is exploitable only when \u0026#34;OpenBlob\u0026#34; is configured with \u0026#34;--enable-pipes\u0026#34;. Please be sure to check your configuration and sanitize your input when using the \u0026#34;--enable-pipes\u0026#34; flag."},"fullDescription":{"text":"A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with \u0026#34;--enable-pipes\u0026#34; configured.\n\nNOTE: This vulnerability is disputed by the maintainer but our analysis shows it is exploitable only when \u0026#34;OpenBlob\u0026#34; is configured with \u0026#34;--enable-pipes\u0026#34;. Please be sure to check your configuration and sanitize your input when using the \u0026#34;--enable-pipes\u0026#34; flag."},"properties":{"security-severity":"7.0","name":"Cve202334152","id":"CVE-2023-34152 (sca)","description":"A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with \u0026#34;--enable-pipes\u0026#34; configured.\n\nNOTE: This vulnerability is disputed by the maintainer but our analysis shows it is exploitable only when \u0026#34;OpenBlob\u0026#34; is configured with \u0026#34;--enable-pipes\u0026#34;. 
Please be sure to check your configuration and sanitize your input when using the \u0026#34;--enable-pipes\u0026#34; flag.","tags":["security","checkmarx","sca"]}},{"id":"9513a694-aa0d-41d8-be61-3271e056f36b [Taken from query_id] (kics)","name":"Add Instead of Copy","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. Value: 'ADD' src/ Excepted value: 'COPY' src/","markdown":"Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eValue:\u003c/strong\u003e 'ADD' src/ \u003cbr\u003e\u003cstrong\u003eExcepted value:\u003c/strong\u003e 'COPY' src/"},"fullDescription":{"text":"Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. Value: 'ADD' src/ Excepted value: 'COPY' src/"},"properties":{"security-severity":"4.0","name":"Add Instead of Copy","id":"9513a694-aa0d-41d8-be61-3271e056f36b [Taken from query_id] (kics)","description":"Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script. 
Value: 'ADD' src/ Excepted value: 'COPY' src/","tags":["security","checkmarx","kics"]}},{"id":"f2f903fb-b977-461e-98d7-b3e2185c6118 [Taken from query_id] (kics)","name":"Pip install Keeping Cached Packages","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"When installing packages with pip, the \u0026#39;--no-cache-dir\u0026#39; flag should be set to make Docker images smaller Value: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install' Excepted value: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'","markdown":"When installing packages with pip, the \u0026#39;--no-cache-dir\u0026#39; flag should be set to make Docker images smaller \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eValue:\u003c/strong\u003e The '--no-cache-dir' flag isn't set when running 'pip/pip3 install' \u003cbr\u003e\u003cstrong\u003eExcepted value:\u003c/strong\u003e The '--no-cache-dir' flag should be set when running 'pip/pip3 install'"},"fullDescription":{"text":"When installing packages with pip, the \u0026#39;--no-cache-dir\u0026#39; flag should be set to make Docker images smaller Value: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install' Excepted value: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'"},"properties":{"security-severity":"4.0","name":"Pip install Keeping Cached Packages","id":"f2f903fb-b977-461e-98d7-b3e2185c6118 [Taken from query_id] (kics)","description":"When installing packages with pip, the \u0026#39;--no-cache-dir\u0026#39; flag should be set to make Docker images smaller Value: The '--no-cache-dir' flag isn't set when running 'pip/pip3 install' Excepted value: The '--no-cache-dir' flag should be set when running 'pip/pip3 install'","tags":["security","checkmarx","kics"]}},{"id":"02d9c71f-3ee8-4986-9c27-1a20d0d19bfc [Taken from query_id] (kics)","name":"Unpinned Package Version in Pip 
Install","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes Value: RUN instruction pip install -r requirements.txt does not use package pinning form Excepted value: RUN instruction with 'pip/pip3 install \u003cpackage\u003e' should use package pinning form 'pip/pip3 install \u003cpackage\u003e=\u003cversion\u003e'","markdown":"Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eValue:\u003c/strong\u003e RUN instruction pip install -r requirements.txt does not use package pinning form \u003cbr\u003e\u003cstrong\u003eExcepted value:\u003c/strong\u003e RUN instruction with 'pip/pip3 install \u003cpackage\u003e' should use package pinning form 'pip/pip3 install \u003cpackage\u003e=\u003cversion\u003e'"},"fullDescription":{"text":"Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes Value: RUN instruction pip install -r requirements.txt does not use package pinning form Excepted value: RUN instruction with 'pip/pip3 install \u003cpackage\u003e' should use package pinning form 'pip/pip3 install \u003cpackage\u003e=\u003cversion\u003e'"},"properties":{"security-severity":"4.0","name":"Unpinned Package Version in Pip Install","id":"02d9c71f-3ee8-4986-9c27-1a20d0d19bfc [Taken from query_id] (kics)","description":"Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes Value: RUN instruction pip install -r requirements.txt does not use package pinning form Excepted value: RUN instruction with 'pip/pip3 install \u003cpackage\u003e' should use package pinning form 'pip/pip3 install 
\u003cpackage\u003e=\u003cversion\u003e'","tags":["security","checkmarx","kics"]}},{"id":"12553559161661395516 (sast)","name":"Filtering Sensitive Logs","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The application logs various user events, and in method retrieve writes sensitive user details to debug, in /src/core/db.py at line 42. These details include user- or session-specific data, such as pass_query, at line 197 of /src/main.py in the change_password method.\n\n","markdown":"The application logs various user events, and in method retrieve writes sensitive user details to debug, in /src/core/db.py at line 42. These details include user- or session-specific data, such as pass_query, at line 197 of /src/main.py in the change_password method.\n\n"},"fullDescription":{"text":"The application logs various user events, and in method retrieve writes sensitive user details to debug, in /src/core/db.py at line 42. These details include user- or session-specific data, such as pass_query, at line 197 of /src/main.py in the change_password method.\n\n"},"properties":{"security-severity":"4.0","name":"Filtering Sensitive Logs","id":"12553559161661395516 (sast)","description":"The application logs various user events, and in method retrieve writes sensitive user details to debug, in /src/core/db.py at line 42. These details include user- or session-specific data, such as pass_query, at line 197 of /src/main.py in the change_password method.\n\n","tags":["security","checkmarx","sast"]}},{"id":"8400805859752228222 (sast)","name":"CSRF","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Method update_user_info at line 98 of /src/main.py gets a parameter from a user request from headers. This parameter value flows through the code and is eventually used to access application state altering functionality. 
This may enable Cross-Site Request Forgery (CSRF).\n\n","markdown":"Method update_user_info at line 98 of /src/main.py gets a parameter from a user request from headers. This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).\n\n"},"fullDescription":{"text":"Method update_user_info at line 98 of /src/main.py gets a parameter from a user request from headers. This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).\n\n"},"properties":{"security-severity":"4.0","name":"CSRF","id":"8400805859752228222 (sast)","description":"Method update_user_info at line 98 of /src/main.py gets a parameter from a user request from headers. This parameter value flows through the code and is eventually used to access application state altering functionality. This may enable Cross-Site Request Forgery (CSRF).\n\n","tags":["security","checkmarx","sast"]}},{"id":"4418167693267818286 (sast)","name":"Path Traversal","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Method break_jwt at line 48 of /util/brute_force_jwt_token.py gets dynamic data from the input element. This element’s value then flows through the code and is eventually used in a file path for local disk access in break_jwt at line 51 of /util/brute_force_jwt_token.py. This may cause a Path Traversal vulnerability.\n\n","markdown":"Method break_jwt at line 48 of /util/brute_force_jwt_token.py gets dynamic data from the input element. This element’s value then flows through the code and is eventually used in a file path for local disk access in break_jwt at line 51 of /util/brute_force_jwt_token.py. 
This may cause a Path Traversal vulnerability.\n\n"},"fullDescription":{"text":"Method break_jwt at line 48 of /util/brute_force_jwt_token.py gets dynamic data from the input element. This element’s value then flows through the code and is eventually used in a file path for local disk access in break_jwt at line 51 of /util/brute_force_jwt_token.py. This may cause a Path Traversal vulnerability.\n\n"},"properties":{"security-severity":"4.0","name":"Path Traversal","id":"4418167693267818286 (sast)","description":"Method break_jwt at line 48 of /util/brute_force_jwt_token.py gets dynamic data from the input element. This element’s value then flows through the code and is eventually used in a file path for local disk access in break_jwt at line 51 of /util/brute_force_jwt_token.py. This may cause a Path Traversal vulnerability.\n\n","tags":["security","checkmarx","sast"]}},{"id":"7929843929890808532 (sast)","name":"Missing HSTS Header","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The web-application does not define an HSTS header, leaving it vulnerable to attack.\n\n","markdown":"The web-application does not define an HSTS header, leaving it vulnerable to attack.\n\n"},"fullDescription":{"text":"The web-application does not define an HSTS header, leaving it vulnerable to attack.\n\n"},"properties":{"security-severity":"4.0","name":"Missing HSTS Header","id":"7929843929890808532 (sast)","description":"The web-application does not define an HSTS header, leaving it vulnerable to attack.\n\n","tags":["security","checkmarx","sast"]}},{"id":"346558629760677672 (sast)","name":"Stored XSS","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The method login embeds untrusted data in generated output with ReturnStmt, at line 164 of /src/main.py. 
This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.\n\nThe attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker\u0026#39;s modified data is then read from the database by the retrieve method with connection, at line 44 of /src/core/db.py. This untrusted data then flows through the code straight to the output web page, without sanitization. \r\n\r\nThis can enable a Stored Cross-Site Scripting (XSS) attack.\n\n","markdown":"The method login embeds untrusted data in generated output with ReturnStmt, at line 164 of /src/main.py. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.\n\nThe attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker\u0026#39;s modified data is then read from the database by the retrieve method with connection, at line 44 of /src/core/db.py. This untrusted data then flows through the code straight to the output web page, without sanitization. \r\n\r\nThis can enable a Stored Cross-Site Scripting (XSS) attack.\n\n"},"fullDescription":{"text":"The method login embeds untrusted data in generated output with ReturnStmt, at line 164 of /src/main.py. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.\n\nThe attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker\u0026#39;s modified data is then read from the database by the retrieve method with connection, at line 44 of /src/core/db.py. This untrusted data then flows through the code straight to the output web page, without sanitization. 
\r\n\r\nThis can enable a Stored Cross-Site Scripting (XSS) attack.\n\n"},"properties":{"security-severity":"4.0","name":"Stored XSS","id":"346558629760677672 (sast)","description":"The method login embeds untrusted data in generated output with ReturnStmt, at line 164 of /src/main.py. This untrusted data is embedded into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the generated web-page.\n\nThe attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker\u0026#39;s modified data is then read from the database by the retrieve method with connection, at line 44 of /src/core/db.py. This untrusted data then flows through the code straight to the output web page, without sanitization. \r\n\r\nThis can enable a Stored Cross-Site Scripting (XSS) attack.\n\n","tags":["security","checkmarx","sast"]}},{"id":"CVE-2004-0230 (sca)","name":"Cve20040230","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.","markdown":"TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP."},"fullDescription":{"text":"TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as 
BGP."},"properties":{"security-severity":"4.0","name":"Cve20040230","id":"CVE-2004-0230 (sca)","description":"TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2005-3660 (sca)","name":"Cve20053660","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.","markdown":"Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference."},"fullDescription":{"text":"Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference."},"properties":{"security-severity":"4.0","name":"Cve20053660","id":"CVE-2005-3660 (sca)","description":"Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory 
exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-2243 (sca)","name":"Cve20072243","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.","markdown":"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483."},"fullDescription":{"text":"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483."},"properties":{"security-severity":"4.0","name":"Cve20072243","id":"CVE-2007-2243 (sca)","description":"OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-2768 (sca)","name":"Cve20072768","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"OpenSSH, when using OPIE 
(One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.","markdown":"OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243."},"fullDescription":{"text":"OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243."},"properties":{"security-severity":"4.0","name":"Cve20072768","id":"CVE-2007-2768 (sca)","description":"OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-3476 (sca)","name":"Cve20073476","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.","markdown":"Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image 
data, which results in a segmentation fault."},"fullDescription":{"text":"Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault."},"properties":{"security-severity":"4.0","name":"Cve20073476","id":"CVE-2007-3476 (sca)","description":"Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-3477 (sca)","name":"Cve20073477","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.","markdown":"The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value."},"fullDescription":{"text":"The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value."},"properties":{"security-severity":"4.0","name":"Cve20073477","id":"CVE-2007-3477 (sca)","description":"The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-3996 
(sca)","name":"Cve20073996","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.","markdown":"Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function."},"fullDescription":{"text":"Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function."},"properties":{"security-severity":"4.0","name":"Cve20073996","id":"CVE-2007-3996 (sca)","description":"Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-5686 (sca)","name":"Cve20075686","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp 
file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.","markdown":"initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers."},"fullDescription":{"text":"initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers."},"properties":{"security-severity":"4.0","name":"Cve20075686","id":"CVE-2007-5686 (sca)","description":"initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. 
NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2008-3134 (sca)","name":"Cve20083134","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.","markdown":"Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file."},"fullDescription":{"text":"Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file."},"properties":{"security-severity":"4.0","name":"Cve20083134","id":"CVE-2008-3134 (sca)","description":"Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or 
memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2008-3234 (sca)","name":"Cve20083234","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.","markdown":"sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username."},"fullDescription":{"text":"sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username."},"properties":{"security-severity":"4.0","name":"Cve20083234","id":"CVE-2008-3234 (sca)","description":"sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2010-4563 (sca)","name":"Cve20104563","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, 
as demonstrated by thcping.","markdown":"The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping."},"fullDescription":{"text":"The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping."},"properties":{"security-severity":"4.0","name":"Cve20104563","id":"CVE-2010-4563 (sca)","description":"The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2010-4651 (sca)","name":"Cve20104651","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.","markdown":"Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679."},"fullDescription":{"text":"Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. 
(dot dot) or full pathname, a related issue to CVE-2010-1679."},"properties":{"security-severity":"4.0","name":"Cve20104651","id":"CVE-2010-4651 (sca)","description":"Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2010-4756 (sca)","name":"Cve20104756","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.","markdown":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632."},"fullDescription":{"text":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632."},"properties":{"security-severity":"4.0","name":"Cve20104756","id":"CVE-2010-4756 (sca)","description":"The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as 
demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2010-5321 (sca)","name":"Cve20105321","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.","markdown":"Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf."},"fullDescription":{"text":"Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. 
NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf."},"properties":{"security-severity":"4.0","name":"Cve20105321","id":"CVE-2010-5321 (sca)","description":"Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2011-3374 (sca)","name":"Cve20113374","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.","markdown":"It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."},"fullDescription":{"text":"It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack."},"properties":{"security-severity":"4.0","name":"Cve20113374","id":"CVE-2011-3374 (sca)","description":"It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2011-3389 (sca)","name":"Cve20113389","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data 
by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \u0026#34;BEAST\u0026#34; attack.","markdown":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \u0026#34;BEAST\u0026#34; attack."},"fullDescription":{"text":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \u0026#34;BEAST\u0026#34; attack."},"properties":{"security-severity":"4.0","name":"Cve20113389","id":"CVE-2011-3389 (sca)","description":"The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack 
(BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \u0026#34;BEAST\u0026#34; attack.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2011-4116 (sca)","name":"Cve20114116","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"_is_safe in the File::Temp module for Perl does not properly handle symlinks.","markdown":"_is_safe in the File::Temp module for Perl does not properly handle symlinks."},"fullDescription":{"text":"_is_safe in the File::Temp module for Perl does not properly handle symlinks."},"properties":{"security-severity":"4.0","name":"Cve20114116","id":"CVE-2011-4116 (sca)","description":"_is_safe in the File::Temp module for Perl does not properly handle symlinks.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2012-0039 (sca)","name":"Cve20120039","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.","markdown":"** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application."},"fullDescription":{"text":"** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application."},"properties":{"security-severity":"4.0","name":"Cve20120039","id":"CVE-2012-0039 (sca)","description":"** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. 
NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2012-4542 (sca)","name":"Cve20124542","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.","markdown":"block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes."},"fullDescription":{"text":"block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes."},"properties":{"security-severity":"4.0","name":"Cve20124542","id":"CVE-2012-4542 (sca)","description":"block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2014-9892 (sca)","name":"Cve20149892","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 
and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.","markdown":"The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717."},"fullDescription":{"text":"The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717."},"properties":{"security-severity":"4.0","name":"Cve20149892","id":"CVE-2014-9892 (sca)","description":"The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2014-9900 (sca)","name":"Cve20149900","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android 
internal bug 28803952 and Qualcomm internal bug CR570754.","markdown":"The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754."},"fullDescription":{"text":"The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754."},"properties":{"security-severity":"4.0","name":"Cve20149900","id":"CVE-2014-9900 (sca)","description":"The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2015-3276 (sca)","name":"Cve20153276","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.","markdown":"The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have 
unspecified impact via unknown vectors."},"fullDescription":{"text":"The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors."},"properties":{"security-severity":"4.0","name":"Cve20153276","id":"CVE-2015-3276 (sca)","description":"The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2015-9019 (sca)","name":"Cve20159019","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.","markdown":"In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs."},"fullDescription":{"text":"In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs."},"properties":{"security-severity":"4.0","name":"Cve20159019","id":"CVE-2015-9019 (sca)","description":"In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-10505 
(sca)","name":"Cve201610505","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.","markdown":"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files."},"fullDescription":{"text":"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files."},"properties":{"security-severity":"4.0","name":"Cve201610505","id":"CVE-2016-10505 (sca)","description":"NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-10506 (sca)","name":"Cve201610506","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k 
files.","markdown":"Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files."},"fullDescription":{"text":"Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files."},"properties":{"security-severity":"4.0","name":"Cve201610506","id":"CVE-2016-10506 (sca)","description":"Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-10723 (sca)","name":"Cve201610723","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \u0026#34;the underlying problem is non-trivial to handle.\u0026#34;","markdown":"** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. 
NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \u0026#34;the underlying problem is non-trivial to handle.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \u0026#34;the underlying problem is non-trivial to handle.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve201610723","id":"CVE-2016-10723 (sca)","description":"** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that \u0026#34;the underlying problem is non-trivial to handle.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-20012 (sca)","name":"Cve201620012","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.","markdown":"** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product."},"fullDescription":{"text":"** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product."},"properties":{"security-severity":"4.0","name":"Cve201620012","id":"CVE-2016-20012 (sca)","description":"** DISPUTED ** OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. 
NOTE: the vendor does not recognize user enumeration as a vulnerability for this product.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-2781 (sca)","name":"Cve20162781","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal\u0026#39;s input buffer.","markdown":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal\u0026#39;s input buffer."},"fullDescription":{"text":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal\u0026#39;s input buffer."},"properties":{"security-severity":"4.0","name":"Cve20162781","id":"CVE-2016-2781 (sca)","description":"chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal\u0026#39;s input buffer.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-8660 (sca)","name":"Cve20168660","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \u0026#34;page lock order bug in the XFS seek hole/data implementation.\u0026#34;","markdown":"The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \u0026#34;page lock order bug in the XFS seek hole/data 
implementation.\u0026#34;"},"fullDescription":{"text":"The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \u0026#34;page lock order bug in the XFS seek hole/data implementation.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve20168660","id":"CVE-2016-8660 (sca)","description":"The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a \u0026#34;page lock order bug in the XFS seek hole/data implementation.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-8678 (sca)","name":"Cve20168678","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says \u0026#34;This is a Q64 issue and we do not support Q64.\u0026#34;","markdown":"The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says \u0026#34;This is a Q64 issue and we do not support Q64.\u0026#34;"},"fullDescription":{"text":"The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. 
NOTE: the vendor says \u0026#34;This is a Q64 issue and we do not support Q64.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve20168678","id":"CVE-2016-8678 (sca)","description":"The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says \u0026#34;This is a Q64 issue and we do not support Q64.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9115 (sca)","name":"Cve20169115","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.","markdown":"Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."},"fullDescription":{"text":"Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."},"properties":{"security-severity":"4.0","name":"Cve20169115","id":"CVE-2016-9115 (sca)","description":"Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9116 (sca)","name":"Cve20169116","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.","markdown":"NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. 
Someone must open a crafted j2k file."},"fullDescription":{"text":"NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."},"properties":{"security-severity":"4.0","name":"Cve20169116","id":"CVE-2016-9116 (sca)","description":"NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9117 (sca)","name":"Cve20169117","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.","markdown":"NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."},"fullDescription":{"text":"NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file."},"properties":{"security-severity":"4.0","name":"Cve20169117","id":"CVE-2016-9117 (sca)","description":"NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9797 (sca)","name":"Cve20169797","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer over-read was observed in \u0026#34;l2cap_dump\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. 
This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","markdown":"In BlueZ 5.42, a buffer over-read was observed in \u0026#34;l2cap_dump\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"fullDescription":{"text":"In BlueZ 5.42, a buffer over-read was observed in \u0026#34;l2cap_dump\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"properties":{"security-severity":"4.0","name":"Cve20169797","id":"CVE-2016-9797 (sca)","description":"In BlueZ 5.42, a buffer over-read was observed in \u0026#34;l2cap_dump\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9798 (sca)","name":"Cve20169798","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a use-after-free was identified in \u0026#34;conf_opt\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","markdown":"In BlueZ 5.42, a use-after-free was identified in \u0026#34;conf_opt\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"fullDescription":{"text":"In BlueZ 5.42, a use-after-free was identified in \u0026#34;conf_opt\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. 
This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"properties":{"security-severity":"4.0","name":"Cve20169798","id":"CVE-2016-9798 (sca)","description":"In BlueZ 5.42, a use-after-free was identified in \u0026#34;conf_opt\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9799 (sca)","name":"Cve20169799","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pklg_read_hci\u0026#34; function in \u0026#34;btsnoop.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","markdown":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pklg_read_hci\u0026#34; function in \u0026#34;btsnoop.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."},"fullDescription":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pklg_read_hci\u0026#34; function in \u0026#34;btsnoop.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."},"properties":{"security-severity":"4.0","name":"Cve20169799","id":"CVE-2016-9799 (sca)","description":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pklg_read_hci\u0026#34; function in \u0026#34;btsnoop.c\u0026#34; source file. 
This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9800 (sca)","name":"Cve20169800","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pin_code_reply_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. The issue exists because \u0026#34;pin\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;pin_code_reply_cp *cp\u0026#34; parameter.","markdown":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pin_code_reply_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. The issue exists because \u0026#34;pin\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;pin_code_reply_cp *cp\u0026#34; parameter."},"fullDescription":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pin_code_reply_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. The issue exists because \u0026#34;pin\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;pin_code_reply_cp *cp\u0026#34; parameter."},"properties":{"security-severity":"4.0","name":"Cve20169800","id":"CVE-2016-9800 (sca)","description":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;pin_code_reply_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. 
The issue exists because \u0026#34;pin\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;pin_code_reply_cp *cp\u0026#34; parameter.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9801 (sca)","name":"Cve20169801","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;set_ext_ctrl\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file when processing corrupted dump file.","markdown":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;set_ext_ctrl\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file when processing corrupted dump file."},"fullDescription":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;set_ext_ctrl\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file when processing corrupted dump file."},"properties":{"security-severity":"4.0","name":"Cve20169801","id":"CVE-2016-9801 (sca)","description":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;set_ext_ctrl\u0026#34; function in \u0026#34;tools/parser/l2cap.c\u0026#34; source file when processing corrupted dump file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9802 (sca)","name":"Cve20169802","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer over-read was identified in \u0026#34;l2cap_packet\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","markdown":"In BlueZ 5.42, a buffer over-read was identified in \u0026#34;l2cap_packet\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. 
This issue can be triggered by processing a corrupted dump file and will result in btmon crash."},"fullDescription":{"text":"In BlueZ 5.42, a buffer over-read was identified in \u0026#34;l2cap_packet\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash."},"properties":{"security-severity":"4.0","name":"Cve20169802","id":"CVE-2016-9802 (sca)","description":"In BlueZ 5.42, a buffer over-read was identified in \u0026#34;l2cap_packet\u0026#34; function in \u0026#34;monitor/packet.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9803 (sca)","name":"Cve20169803","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, an out-of-bounds read was observed in \u0026#34;le_meta_ev_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. This issue exists because \u0026#39;subevent\u0026#39; (which is used to read correct element from \u0026#39;ev_le_meta_str\u0026#39; array) is overflowed.","markdown":"In BlueZ 5.42, an out-of-bounds read was observed in \u0026#34;le_meta_ev_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. This issue exists because \u0026#39;subevent\u0026#39; (which is used to read correct element from \u0026#39;ev_le_meta_str\u0026#39; array) is overflowed."},"fullDescription":{"text":"In BlueZ 5.42, an out-of-bounds read was observed in \u0026#34;le_meta_ev_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. 
This issue exists because \u0026#39;subevent\u0026#39; (which is used to read correct element from \u0026#39;ev_le_meta_str\u0026#39; array) is overflowed."},"properties":{"security-severity":"4.0","name":"Cve20169803","id":"CVE-2016-9803 (sca)","description":"In BlueZ 5.42, an out-of-bounds read was observed in \u0026#34;le_meta_ev_dump\u0026#34; function in \u0026#34;tools/parser/hci.c\u0026#34; source file. This issue exists because \u0026#39;subevent\u0026#39; (which is used to read correct element from \u0026#39;ev_le_meta_str\u0026#39; array) is overflowed.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9804 (sca)","name":"Cve20169804","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;commands_dump\u0026#34; function in \u0026#34;tools/parser/csr.c\u0026#34; source file. The issue exists because \u0026#34;commands\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;frm-\u0026gt;ptr\u0026#34; parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","markdown":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;commands_dump\u0026#34; function in \u0026#34;tools/parser/csr.c\u0026#34; source file. The issue exists because \u0026#34;commands\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;frm-\u0026gt;ptr\u0026#34; parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"fullDescription":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;commands_dump\u0026#34; function in \u0026#34;tools/parser/csr.c\u0026#34; source file. 
The issue exists because \u0026#34;commands\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;frm-\u0026gt;ptr\u0026#34; parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"properties":{"security-severity":"4.0","name":"Cve20169804","id":"CVE-2016-9804 (sca)","description":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;commands_dump\u0026#34; function in \u0026#34;tools/parser/csr.c\u0026#34; source file. The issue exists because \u0026#34;commands\u0026#34; array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame \u0026#34;frm-\u0026gt;ptr\u0026#34; parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2016-9917 (sca)","name":"Cve20169917","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;read_n\u0026#34; function in \u0026#34;tools/hcidump.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","markdown":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;read_n\u0026#34; function in \u0026#34;tools/hcidump.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"fullDescription":{"text":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;read_n\u0026#34; function in \u0026#34;tools/hcidump.c\u0026#34; source file. 
This issue can be triggered by processing a corrupted dump file and will result in hcidump crash."},"properties":{"security-severity":"4.0","name":"Cve20169917","id":"CVE-2016-9917 (sca)","description":"In BlueZ 5.42, a buffer overflow was observed in \u0026#34;read_n\u0026#34; function in \u0026#34;tools/hcidump.c\u0026#34; source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-0630 (sca)","name":"Cve20170630","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.","markdown":"An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115."},"fullDescription":{"text":"An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115."},"properties":{"security-severity":"4.0","name":"Cve20170630","id":"CVE-2017-0630 (sca)","description":"An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. 
This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-11754 (sca)","name":"Cve201711754","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.","markdown":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call."},"fullDescription":{"text":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call."},"properties":{"security-severity":"4.0","name":"Cve201711754","id":"CVE-2017-11754 (sca)","description":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-11755 (sca)","name":"Cve201711755","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.","markdown":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call."},"fullDescription":{"text":"The WritePICONImage function in 
coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call."},"properties":{"security-severity":"4.0","name":"Cve201711755","id":"CVE-2017-11755 (sca)","description":"The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-13693 (sca)","name":"Cve201713693","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.","markdown":"The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."},"fullDescription":{"text":"The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."},"properties":{"security-severity":"4.0","name":"Cve201713693","id":"CVE-2017-13693 (sca)","description":"The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand 
cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-13694 (sca)","name":"Cve201713694","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.","markdown":"The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."},"fullDescription":{"text":"The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table."},"properties":{"security-severity":"4.0","name":"Cve201713694","id":"CVE-2017-13694 (sca)","description":"The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI 
table.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-13716 (sca)","name":"Cve201713716","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).","markdown":"The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd)."},"fullDescription":{"text":"The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd)."},"properties":{"security-severity":"4.0","name":"Cve201713716","id":"CVE-2017-13716 (sca)","description":"The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-14988 (sca)","name":"Cve201714988","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the 
ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn\u0026#39;t valid.","markdown":"** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn\u0026#39;t valid."},"fullDescription":{"text":"** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn\u0026#39;t valid."},"properties":{"security-severity":"4.0","name":"Cve201714988","id":"CVE-2017-14988 (sca)","description":"** DISPUTED ** Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. 
NOTE: The maintainer and multiple third parties believe that this vulnerability isn\u0026#39;t valid.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-17740 (sca)","name":"Cve201717740","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.","markdown":"contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation."},"fullDescription":{"text":"contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation."},"properties":{"security-severity":"4.0","name":"Cve201717740","id":"CVE-2017-17740 (sca)","description":"contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-18018 (sca)","name":"Cve201718018","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \u0026#34;-R -L\u0026#34; options, which allows local users 
to modify the ownership of arbitrary files by leveraging a race condition.","markdown":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \u0026#34;-R -L\u0026#34; options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition."},"fullDescription":{"text":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \u0026#34;-R -L\u0026#34; options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition."},"properties":{"security-severity":"4.0","name":"Cve201718018","id":"CVE-2017-18018 (sca)","description":"In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \u0026#34;-R -L\u0026#34; options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-7275 (sca)","name":"Cve20177275","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.","markdown":"The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866."},"fullDescription":{"text":"The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866."},"properties":{"security-severity":"4.0","name":"Cve20177275","id":"CVE-2017-7275 (sca)","description":"The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-7475 (sca)","name":"Cve20177475","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.","markdown":"Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash."},"fullDescription":{"text":"Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash."},"properties":{"security-severity":"4.0","name":"Cve20177475","id":"CVE-2017-7475 (sca)","description":"Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-9937 (sca)","name":"Cve20179937","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In LibTIFF before and including 4.0.8, there is a 
memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.","markdown":"In LibTIFF before and including 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."},"fullDescription":{"text":"In LibTIFF before and including 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack."},"properties":{"security-severity":"4.0","name":"Cve20179937","id":"CVE-2017-9937 (sca)","description":"In LibTIFF before and including 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-10126 (sca)","name":"Cve201810126","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"LibTIFF up to 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.","markdown":"LibTIFF up to 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c."},"fullDescription":{"text":"LibTIFF up to 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c."},"properties":{"security-severity":"4.0","name":"Cve201810126","id":"CVE-2018-10126 (sca)","description":"LibTIFF up to 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-1121 (sca)","name":"Cve20181121","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel\u0026#39;s proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng\u0026#39;s utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.","markdown":"procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel\u0026#39;s proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng\u0026#39;s utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also."},"fullDescription":{"text":"procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel\u0026#39;s proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng\u0026#39;s utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also."},"properties":{"security-severity":"4.0","name":"Cve20181121","id":"CVE-2018-1121 (sca)","description":"procps-ng, procps is vulnerable to a process hiding through race condition. 
Since the kernel\u0026#39;s proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng\u0026#39;s utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-12928 (sca)","name":"Cve201812928","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.","markdown":"In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem."},"fullDescription":{"text":"In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem."},"properties":{"security-severity":"4.0","name":"Cve201812928","id":"CVE-2018-12928 (sca)","description":"In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. 
This can occur during a mount of a crafted hfs filesystem.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-15607 (sca)","name":"Cve201815607","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In ImageMagick before 6.9.10-12 and 7.0.8-12, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.","markdown":"In ImageMagick before 6.9.10-12 and 7.0.8-12, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."},"fullDescription":{"text":"In ImageMagick before 6.9.10-12 and 7.0.8-12, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."},"properties":{"security-severity":"4.0","name":"Cve201815607","id":"CVE-2018-15607 (sca)","description":"In ImageMagick before 6.9.10-12 and 7.0.8-12, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. 
Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-15919 (sca)","name":"Cve201815919","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \u0026#39;We understand that the OpenSSH developers do not want to treat such a username enumeration (or \u0026#34;oracle\u0026#34;) as a vulnerability.\u0026#39;","markdown":"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \u0026#39;We understand that the OpenSSH developers do not want to treat such a username enumeration (or \u0026#34;oracle\u0026#34;) as a vulnerability.\u0026#39;"},"fullDescription":{"text":"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states \u0026#39;We understand that the OpenSSH developers do not want to treat such a username enumeration (or \u0026#34;oracle\u0026#34;) as a vulnerability.\u0026#39;"},"properties":{"security-severity":"4.0","name":"Cve201815919","id":"CVE-2018-15919 (sca)","description":"Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. 
NOTE: the discoverer states \u0026#39;We understand that the OpenSSH developers do not want to treat such a username enumeration (or \u0026#34;oracle\u0026#34;) as a vulnerability.\u0026#39;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-17977 (sca)","name":"Cve201817977","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.","markdown":"The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7."},"fullDescription":{"text":"The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7."},"properties":{"security-severity":"4.0","name":"Cve201817977","id":"CVE-2018-17977 (sca)","description":"The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-18064 (sca)","name":"Cve201818064","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"cairo through 1.15.14 has an 
out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).","markdown":"cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function)."},"fullDescription":{"text":"cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function)."},"properties":{"security-severity":"4.0","name":"Cve201818064","id":"CVE-2018-18064 (sca)","description":"cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-20673 (sca)","name":"Cve201820673","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \u0026#34;Create an array for saving the template argument values\u0026#34;) that can trigger a heap-based buffer overflow, as demonstrated by nm.","markdown":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \u0026#34;Create an 
array for saving the template argument values\u0026#34;) that can trigger a heap-based buffer overflow, as demonstrated by nm."},"fullDescription":{"text":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \u0026#34;Create an array for saving the template argument values\u0026#34;) that can trigger a heap-based buffer overflow, as demonstrated by nm."},"properties":{"security-severity":"4.0","name":"Cve201820673","id":"CVE-2018-20673 (sca)","description":"The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, contains an integer overflow vulnerability (for \u0026#34;Create an array for saving the template argument values\u0026#34;) that can trigger a heap-based buffer overflow, as demonstrated by nm.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-20712 (sca)","name":"Cve201820712","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.","markdown":"A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt."},"fullDescription":{"text":"A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. 
A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt."},"properties":{"security-severity":"4.0","name":"Cve201820712","id":"CVE-2018-20712 (sca)","description":"A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-20846 (sca)","name":"Cve201820846","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).","markdown":"Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."},"fullDescription":{"text":"Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash)."},"properties":{"security-severity":"4.0","name":"Cve201820846","id":"CVE-2018-20846 (sca)","description":"Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2018-9996 (sca)","name":"Cve20189996","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in 
cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.","markdown":"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression."},"fullDescription":{"text":"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression."},"properties":{"security-severity":"4.0","name":"Cve20189996","id":"CVE-2018-9996 (sca)","description":"An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-1010024 (sca)","name":"Cve20191010024","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;","markdown":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. 
NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve20191010024","id":"CVE-2019-1010024 (sca)","description":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \u0026#34;this is being treated as a non-security bug and no real threat.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-1010025 (sca)","name":"Cve20191010025","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor\u0026#39;s position is \u0026#34;ASLR bypass itself is not a vulnerability.\u0026#34;","markdown":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor\u0026#39;s position is \u0026#34;ASLR bypass itself is not a vulnerability.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. 
NOTE: the vendor\u0026#39;s position is \u0026#34;ASLR bypass itself is not a vulnerability.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve20191010025","id":"CVE-2019-1010025 (sca)","description":"** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor\u0026#39;s position is \u0026#34;ASLR bypass itself is not a vulnerability.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12378 (sca)","name":"Cve201912378","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.","markdown":"** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue."},"properties":{"security-severity":"4.0","name":"Cve201912378","id":"CVE-2019-12378 (sca)","description":"** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. 
There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12379 (sca)","name":"Cve201912379","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.","markdown":"** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue."},"properties":{"security-severity":"4.0","name":"Cve201912379","id":"CVE-2019-12379 (sca)","description":"** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12380 (sca)","name":"Cve201912380","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. 
NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”.","markdown":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”."},"fullDescription":{"text":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”."},"properties":{"security-severity":"4.0","name":"Cve201912380","id":"CVE-2019-12380 (sca)","description":"**DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. 
Therefore, there is no possibility for an unprivileged user to control it.”.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12381 (sca)","name":"Cve201912381","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.","markdown":"** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL."},"properties":{"security-severity":"4.0","name":"Cve201912381","id":"CVE-2019-12381 (sca)","description":"** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: this is disputed because new_ra is never used if it is NULL.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12382 (sca)","name":"Cve201912382","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.","markdown":"** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference."},"properties":{"security-severity":"4.0","name":"Cve201912382","id":"CVE-2019-12382 (sca)","description":"** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. 
There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-12455 (sca)","name":"Cve201912455","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”.","markdown":"** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”."},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). 
NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”."},"properties":{"security-severity":"4.0","name":"Cve201912455","id":"CVE-2019-12455 (sca)","description":"** DISPUTED ** An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-15213 (sca)","name":"Cve201915213","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.","markdown":"An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver."},"fullDescription":{"text":"An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver."},"properties":{"security-severity":"4.0","name":"Cve201915213","id":"CVE-2019-15213 (sca)","description":"An issue was discovered in the Linux kernel before 5.2.3. 
There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16089 (sca)","name":"Cve201916089","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.","markdown":"An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value."},"properties":{"security-severity":"4.0","name":"Cve201916089","id":"CVE-2019-16089 (sca)","description":"An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16229 (sca)","name":"Cve201916229","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id.","markdown":"** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. 
NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id."},"fullDescription":{"text":"** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id."},"properties":{"security-severity":"4.0","name":"Cve201916229","id":"CVE-2019-16229 (sca)","description":"** DISPUTED ** drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issues as not being serious enough to be deserving a CVE id.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16230 (sca)","name":"Cve201916230","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.","markdown":"** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. 
It is not attacker controllable and OOM at that time is highly unlikely."},"fullDescription":{"text":"** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely."},"properties":{"security-severity":"4.0","name":"Cve201916230","id":"CVE-2019-16230 (sca)","description":"** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16231 (sca)","name":"Cve201916231","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","markdown":"drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"fullDescription":{"text":"drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"properties":{"security-severity":"4.0","name":"Cve201916231","id":"CVE-2019-16231 (sca)","description":"drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer 
dereference.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16232 (sca)","name":"Cve201916232","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","markdown":"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"fullDescription":{"text":"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"properties":{"security-severity":"4.0","name":"Cve201916232","id":"CVE-2019-16232 (sca)","description":"drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16233 (sca)","name":"Cve201916233","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","markdown":"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"fullDescription":{"text":"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"properties":{"security-severity":"4.0","name":"Cve201916233","id":"CVE-2019-16233 (sca)","description":"drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-16234 
(sca)","name":"Cve201916234","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","markdown":"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"fullDescription":{"text":"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference."},"properties":{"security-severity":"4.0","name":"Cve201916234","id":"CVE-2019-16234 (sca)","description":"drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-19378 (sca)","name":"Cve201919378","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.","markdown":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c."},"fullDescription":{"text":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c."},"properties":{"security-severity":"4.0","name":"Cve201919378","id":"CVE-2019-19378 (sca)","description":"In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-19449 
(sca)","name":"Cve201919449","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).","markdown":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated)."},"fullDescription":{"text":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated)."},"properties":{"security-severity":"4.0","name":"Cve201919449","id":"CVE-2019-19449 (sca)","description":"In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can lead to slab-out-of-bounds read access in f2fs_build_segment_manager in fs/f2fs/segment.c, related to init_min_max_mtime in fs/f2fs/segment.c (because the second argument to get_seg_entry is not validated).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-19882 (sca)","name":"Cve201919882","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. 
This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).","markdown":"shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8)."},"fullDescription":{"text":"shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. 
This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8)."},"properties":{"security-severity":"4.0","name":"Cve201919882","id":"CVE-2019-19882 (sca)","description":"shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-20794 (sca)","name":"Cve201920794","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace\u0026#39;s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.","markdown":"An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. 
A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace\u0026#39;s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion."},"fullDescription":{"text":"An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace\u0026#39;s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion."},"properties":{"security-severity":"4.0","name":"Cve201920794","id":"CVE-2019-20794 (sca)","description":"An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace\u0026#39;s pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. 
This can result in resource exhaustion.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-6110 (sca)","name":"Cve20196110","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.","markdown":"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."},"fullDescription":{"text":"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred."},"properties":{"security-severity":"4.0","name":"Cve20196110","id":"CVE-2019-6110 (sca)","description":"In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-6461 (sca)","name":"Cve20196461","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.","markdown":"An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c."},"fullDescription":{"text":"An issue was discovered in cairo 1.16.0. 
There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c."},"properties":{"security-severity":"4.0","name":"Cve20196461","id":"CVE-2019-6461 (sca)","description":"An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-6462 (sca)","name":"Cve20196462","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.","markdown":"An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized."},"fullDescription":{"text":"An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized."},"properties":{"security-severity":"4.0","name":"Cve20196462","id":"CVE-2019-6462 (sca)","description":"An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max_angle_for_tolerance_normalized.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-6988 (sca)","name":"Cve20196988","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.","markdown":"An issue was discovered in OpenJPEG 2.3.0. 
It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress."},"fullDescription":{"text":"An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress."},"properties":{"security-severity":"4.0","name":"Cve20196988","id":"CVE-2019-6988 (sca)","description":"An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-11725 (sca)","name":"Cve202011725","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u0026gt;owner line, which later affects a private_size*count multiplication for unspecified \u0026#34;interesting side effects.\u0026#34; NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u0026gt;owner field to represent data unrelated to the \u0026#34;owner\u0026#34; concept. 
The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u0026gt;owner field in a safe way.","markdown":"** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u0026gt;owner line, which later affects a private_size*count multiplication for unspecified \u0026#34;interesting side effects.\u0026#34; NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u0026gt;owner field to represent data unrelated to the \u0026#34;owner\u0026#34; concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u0026gt;owner field in a safe way."},"fullDescription":{"text":"** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u0026gt;owner line, which later affects a private_size*count multiplication for unspecified \u0026#34;interesting side effects.\u0026#34; NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u0026gt;owner field to represent data unrelated to the \u0026#34;owner\u0026#34; concept. 
The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u0026gt;owner field in a safe way."},"properties":{"security-severity":"4.0","name":"Cve202011725","id":"CVE-2020-11725 (sca)","description":"** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info-\u0026gt;owner line, which later affects a private_size*count multiplication for unspecified \u0026#34;interesting side effects.\u0026#34; NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info-\u0026gt;owner field to represent data unrelated to the \u0026#34;owner\u0026#34; concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info-\u0026gt;owner field in a safe way.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-14145 (sca)","name":"Cve202014145","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.","markdown":"The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."},"fullDescription":{"text":"The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. 
This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected."},"properties":{"security-severity":"4.0","name":"Cve202014145","id":"CVE-2020-14145 (sca)","description":"The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). NOTE: some reports state that 8.5 and 8.6 are also affected.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-15719 (sca)","name":"Cve202015719","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.","markdown":"libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux."},"fullDescription":{"text":"libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). 
This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux."},"properties":{"security-severity":"4.0","name":"Cve202015719","id":"CVE-2020-15719 (sca)","description":"libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-15778 (sca)","name":"Cve202015778","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \u0026#34;anomalous argument transfers\u0026#34; because that could \u0026#34;stand a great chance of breaking existing workflows.\u0026#34;","markdown":"** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \u0026#34;anomalous argument transfers\u0026#34; because that could \u0026#34;stand a great chance of breaking existing workflows.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. 
NOTE: the vendor reportedly has stated that they intentionally omit validation of \u0026#34;anomalous argument transfers\u0026#34; because that could \u0026#34;stand a great chance of breaking existing workflows.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve202015778","id":"CVE-2020-15778 (sca)","description":"** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of \u0026#34;anomalous argument transfers\u0026#34; because that could \u0026#34;stand a great chance of breaking existing workflows.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-15802 (sca)","name":"Cve202015802","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.","markdown":"Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. 
Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."},"fullDescription":{"text":"Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less."},"properties":{"security-severity":"4.0","name":"Cve202015802","id":"CVE-2020-15802 (sca)","description":"Devices supporting Bluetooth before 5.1 may allow man-in-the-middle attacks, aka BLURtooth. 
Cross Transport Key Derivation in Bluetooth Core Specification v4.2 and v5.0 may permit an unauthenticated user to establish a bonding with one transport, either LE or BR/EDR, and replace a bonding already established on the opposing transport, BR/EDR or LE, potentially overwriting an authenticated key with an unauthenticated key, or a key with greater entropy with one with less.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-26555 (sca)","name":"Cve202026555","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.","markdown":"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."},"fullDescription":{"text":"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN."},"properties":{"security-severity":"4.0","name":"Cve202026555","id":"CVE-2020-26555 (sca)","description":"Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-26559 (sca)","name":"Cve202026559","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given 
the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.","markdown":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."},"fullDescription":{"text":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue."},"properties":{"security-severity":"4.0","name":"Cve202026559","id":"CVE-2020-26559 (sca)","description":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (participating in the provisioning protocol) to identify the AuthValue used given the Provisioner’s public key, and the confirmation number and nonce provided by the provisioning device. 
This could permit a device without the AuthValue to complete provisioning without brute-forcing the AuthValue.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-26560 (sca)","name":"Cve202026560","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.","markdown":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."},"fullDescription":{"text":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey."},"properties":{"security-severity":"4.0","name":"Cve202026560","id":"CVE-2020-26560 (sca)","description":"Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, reflecting the authentication evidence from a Provisioner, to complete authentication without possessing the AuthValue, and potentially acquire a NetKey and AppKey.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-26934 (sca)","name":"Cve202126934","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. 
The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn\u0026#39;t stated accordingly in its support status entry.","markdown":"An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn\u0026#39;t stated accordingly in its support status entry."},"fullDescription":{"text":"An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn\u0026#39;t stated accordingly in its support status entry."},"properties":{"security-severity":"4.0","name":"Cve202126934","id":"CVE-2021-26934 (sca)","description":"An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn\u0026#39;t stated accordingly in its support status entry.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-26945 (sca)","name":"Cve202126945","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.","markdown":"An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR."},"fullDescription":{"text":"An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. 
An attacker could use this flaw to crash an application compiled with OpenEXR."},"properties":{"security-severity":"4.0","name":"Cve202126945","id":"CVE-2021-26945 (sca)","description":"An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-31879 (sca)","name":"Cve202131879","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.","markdown":"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007."},"fullDescription":{"text":"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007."},"properties":{"security-severity":"4.0","name":"Cve202131879","id":"CVE-2021-31879 (sca)","description":"GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-32256 (sca)","name":"Cve202132256","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in GNU library, as distributed in GNU Binutils. It is a stack-overflow issue in \u0026#34;demangle_type\u0026#34; in \u0026#34;rust-demangle.c\u0026#34;.","markdown":"An issue was discovered in GNU library, as distributed in GNU Binutils. It is a stack-overflow issue in \u0026#34;demangle_type\u0026#34; in \u0026#34;rust-demangle.c\u0026#34;."},"fullDescription":{"text":"An issue was discovered in GNU library, as distributed in GNU Binutils. 
It is a stack-overflow issue in \u0026#34;demangle_type\u0026#34; in \u0026#34;rust-demangle.c\u0026#34;."},"properties":{"security-severity":"4.0","name":"Cve202132256","id":"CVE-2021-32256 (sca)","description":"An issue was discovered in GNU library, as distributed in GNU Binutils. It is a stack-overflow issue in \u0026#34;demangle_type\u0026#34; in \u0026#34;rust-demangle.c\u0026#34;.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-35331 (sca)","name":"Cve202135331","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.","markdown":"** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding."},"fullDescription":{"text":"** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding."},"properties":{"security-severity":"4.0","name":"Cve202135331","id":"CVE-2021-35331 (sca)","description":"** DISPUTED ** In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-3575 (sca)","name":"Cve20213575","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. 
An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.","markdown":"A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."},"fullDescription":{"text":"A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg."},"properties":{"security-severity":"4.0","name":"Cve20213575","id":"CVE-2021-3575 (sca)","description":"A heap-based buffer overflow was found in openjpeg in color.c:379:42 in sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use this to execute arbitrary code with the permissions of the application compiled against openjpeg.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-4214 (sca)","name":"Cve20214214","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap overflow flaw was found in Libping\u0026#39;s \u0026#34;pngimage.c\u0026#34; program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the \u0026#34;pngimage\u0026#34; utility, causing an application to crash, leading to a denial of service.","markdown":"A heap overflow flaw was found in Libping\u0026#39;s \u0026#34;pngimage.c\u0026#34; program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the \u0026#34;pngimage\u0026#34; utility, causing an application to crash, leading to a denial of service."},"fullDescription":{"text":"A heap overflow flaw was found in Libping\u0026#39;s \u0026#34;pngimage.c\u0026#34; program. 
This flaw allows an attacker with local network access to pass a specially crafted PNG file to the \u0026#34;pngimage\u0026#34; utility, causing an application to crash, leading to a denial of service."},"properties":{"security-severity":"4.0","name":"Cve20214214","id":"CVE-2021-4214 (sca)","description":"A heap overflow flaw was found in Libping\u0026#39;s \u0026#34;pngimage.c\u0026#34; program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the \u0026#34;pngimage\u0026#34; utility, causing an application to crash, leading to a denial of service.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-45261 (sca)","name":"Cve202145261","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.","markdown":"An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."},"fullDescription":{"text":"An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service."},"properties":{"security-severity":"4.0","name":"Cve202145261","id":"CVE-2021-45261 (sca)","description":"An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-45346 (sca)","name":"Cve202145346","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information.","markdown":"A Memory Leak vulnerabilty exists in 
SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information."},"fullDescription":{"text":"A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information."},"properties":{"security-severity":"4.0","name":"Cve202145346","id":"CVE-2021-45346 (sca)","description":"A Memory Leak vulnerabilty exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicous user obtain sensitive information.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-1115 (sca)","name":"Cve20221115","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap-buffer-overflow flaw was found in ImageMagick’s \u0026#34;PushShortPixel()\u0026#34; function of \u0026#34;quantum-private.h\u0026#34; file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. This issue affects ImageMagick-6.x prior to 6.9.12-44 and ImageMagick-7.x prior to 7.1.0-29.","markdown":"A heap-buffer-overflow flaw was found in ImageMagick’s \u0026#34;PushShortPixel()\u0026#34; function of \u0026#34;quantum-private.h\u0026#34; file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. 
This issue affects ImageMagick-6.x prior to 6.9.12-44 and ImageMagick-7.x prior to 7.1.0-29."},"fullDescription":{"text":"A heap-buffer-overflow flaw was found in ImageMagick’s \u0026#34;PushShortPixel()\u0026#34; function of \u0026#34;quantum-private.h\u0026#34; file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. This issue affects ImageMagick-6.x prior to 6.9.12-44 and ImageMagick-7.x prior to 7.1.0-29."},"properties":{"security-severity":"4.0","name":"Cve20221115","id":"CVE-2022-1115 (sca)","description":"A heap-buffer-overflow flaw was found in ImageMagick’s \u0026#34;PushShortPixel()\u0026#34; function of \u0026#34;quantum-private.h\u0026#34; file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. This issue affects ImageMagick-6.x prior to 6.9.12-44 and ImageMagick-7.x prior to 7.1.0-29.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-1210 (sca)","name":"Cve20221210","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A vulnerability classified as problematic was found in LibTIFF. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.","markdown":"A vulnerability classified as problematic was found in LibTIFF. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used."},"fullDescription":{"text":"A vulnerability classified as problematic was found in LibTIFF. 
Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used."},"properties":{"security-severity":"4.0","name":"Cve20221210","id":"CVE-2022-1210 (sca)","description":"A vulnerability classified as problematic was found in LibTIFF. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-25265 (sca)","name":"Cve202225265","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.","markdown":"In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file."},"fullDescription":{"text":"In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). 
This can cause execution of bytes located in supposedly non-executable regions of a file."},"properties":{"security-severity":"4.0","name":"Cve202225265","id":"CVE-2022-25265 (sca)","description":"In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-27943 (sca)","name":"Cve202227943","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","markdown":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new."},"fullDescription":{"text":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new."},"properties":{"security-severity":"4.0","name":"Cve202227943","id":"CVE-2022-27943 (sca)","description":"libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-3213 (sca)","name":"Cve20223213","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. The affected versions are 6.x before 6.9.12-62 and 7.x before 7.1.0-47.","markdown":"A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. 
The affected versions are 6.x before 6.9.12-62 and 7.x before 7.1.0-47."},"fullDescription":{"text":"A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. The affected versions are 6.x before 6.9.12-62 and 7.x before 7.1.0-47."},"properties":{"security-severity":"4.0","name":"Cve20223213","id":"CVE-2022-3213 (sca)","description":"A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service. The affected versions are 6.x before 6.9.12-62 and 7.x before 7.1.0-47.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-3219 (sca)","name":"Cve20223219","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.","markdown":"GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB."},"fullDescription":{"text":"GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB."},"properties":{"security-severity":"4.0","name":"Cve20223219","id":"CVE-2022-3219 (sca)","description":"GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-38096 (sca)","name":"Cve202238096","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A NULL pointer dereference vulnerability was found in vmwgfx driver in 
drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0026#39;/dev/dri/renderD128 (or Dxxx)\u0026#39;. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).","markdown":"A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0026#39;/dev/dri/renderD128 (or Dxxx)\u0026#39;. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."},"fullDescription":{"text":"A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0026#39;/dev/dri/renderD128 (or Dxxx)\u0026#39;. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."},"properties":{"security-severity":"4.0","name":"Cve202238096","id":"CVE-2022-38096 (sca)","description":"A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0026#39;/dev/dri/renderD128 (or Dxxx)\u0026#39;. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-40897 (sca)","name":"Cve202240897","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Python Packaging Authority (PyPA) setuptools prior to 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. 
There is a Regular Expression Denial of Service (ReDoS) in \u0026#34;package_index.py\u0026#34;.","markdown":"Python Packaging Authority (PyPA) setuptools prior to 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in \u0026#34;package_index.py\u0026#34;."},"fullDescription":{"text":"Python Packaging Authority (PyPA) setuptools prior to 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in \u0026#34;package_index.py\u0026#34;."},"properties":{"security-severity":"4.0","name":"Cve202240897","id":"CVE-2022-40897 (sca)","description":"Python Packaging Authority (PyPA) setuptools prior to 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in \u0026#34;package_index.py\u0026#34;.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-41848 (sca)","name":"Cve202241848","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.","markdown":"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach."},"fullDescription":{"text":"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while 
calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach."},"properties":{"security-severity":"4.0","name":"Cve202241848","id":"CVE-2022-41848 (sca)","description":"drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-44032 (sca)","name":"Cve202244032","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().","markdown":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach()."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach()."},"properties":{"security-severity":"4.0","name":"Cve202244032","id":"CVE-2022-44032 (sca)","description":"An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-44033 (sca)","name":"Cve202244033","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().","markdown":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach()."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach()."},"properties":{"security-severity":"4.0","name":"Cve202244033","id":"CVE-2022-44033 (sca)","description":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-44034 (sca)","name":"Cve202244034","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.0.6. 
drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().","markdown":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove()."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove()."},"properties":{"security-severity":"4.0","name":"Cve202244034","id":"CVE-2022-44034 (sca)","description":"An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-4543 (sca)","name":"Cve20224543","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw named \u0026#34;EntryBleed\u0026#34; was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.","markdown":"A flaw named \u0026#34;EntryBleed\u0026#34; was found in the Linux Kernel Page Table Isolation (KPTI). 
This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems."},"fullDescription":{"text":"A flaw named \u0026#34;EntryBleed\u0026#34; was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems."},"properties":{"security-severity":"4.0","name":"Cve20224543","id":"CVE-2022-4543 (sca)","description":"A flaw named \u0026#34;EntryBleed\u0026#34; was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-45888 (sca)","name":"Cve202245888","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.","markdown":"An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device."},"properties":{"security-severity":"4.0","name":"Cve202245888","id":"CVE-2022-45888 (sca)","description":"An issue was discovered in the Linux kernel through 6.0.9. 
drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-0597 (sca)","name":"Cve20230597","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.","markdown":"A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory."},"fullDescription":{"text":"A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory."},"properties":{"security-severity":"4.0","name":"Cve20230597","id":"CVE-2023-0597 (sca)","description":"A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. 
A local user could use this flaw to get access to some important data with expected location in memory.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-1289 (sca)","name":"Cve20231289","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A vulnerability was discovered in ImageMagick6 prior to 6.9.12-78 and ImageMagick prior to 7.1.1-0 where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \u0026#34;/tmp,\u0026#34; resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.","markdown":"A vulnerability was discovered in ImageMagick6 prior to 6.9.12-78 and ImageMagick prior to 7.1.1-0 where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \u0026#34;/tmp,\u0026#34; resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G."},"fullDescription":{"text":"A vulnerability was discovered in ImageMagick6 prior to 6.9.12-78 and ImageMagick prior to 7.1.1-0 where a specially created SVG file loads itself and causes a segmentation fault. 
This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \u0026#34;/tmp,\u0026#34; resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G."},"properties":{"security-severity":"4.0","name":"Cve20231289","id":"CVE-2023-1289 (sca)","description":"A vulnerability was discovered in ImageMagick6 prior to 6.9.12-78 and ImageMagick prior to 7.1.1-0 where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in \u0026#34;/tmp,\u0026#34; resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-1906 (sca)","name":"Cve20231906","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A heap-based buffer overflow issue was discovered in ImageMagick\u0026#39;s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. 
This issue affects ImageMagick in versions 7.0.x prior to 7.1.1-6 and ImageMagcik6 in versions 6.9.x prior to 6.9.12-84","markdown":"A heap-based buffer overflow issue was discovered in ImageMagick\u0026#39;s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. This issue affects ImageMagick in versions 7.0.x prior to 7.1.1-6 and ImageMagcik6 in versions 6.9.x prior to 6.9.12-84"},"fullDescription":{"text":"A heap-based buffer overflow issue was discovered in ImageMagick\u0026#39;s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. This issue affects ImageMagick in versions 7.0.x prior to 7.1.1-6 and ImageMagcik6 in versions 6.9.x prior to 6.9.12-84"},"properties":{"security-severity":"4.0","name":"Cve20231906","id":"CVE-2023-1906 (sca)","description":"A heap-based buffer overflow issue was discovered in ImageMagick\u0026#39;s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. 
This issue affects ImageMagick in versions 7.0.x prior to 7.1.1-6 and ImageMagcik6 in versions 6.9.x prior to 6.9.12-84","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-2157 (sca)","name":"Cve20232157","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A Heap-based Buffer Overflow vulnerability was found in ImageMagick6 versions prior to 6.9.12-85 and ImageMagick7 versions prior to the 7.1.1-7 package which can lead to the application crashing.","markdown":"A Heap-based Buffer Overflow vulnerability was found in ImageMagick6 versions prior to 6.9.12-85 and ImageMagick7 versions prior to the 7.1.1-7 package which can lead to the application crashing."},"fullDescription":{"text":"A Heap-based Buffer Overflow vulnerability was found in ImageMagick6 versions prior to 6.9.12-85 and ImageMagick7 versions prior to the 7.1.1-7 package which can lead to the application crashing."},"properties":{"security-severity":"4.0","name":"Cve20232157","id":"CVE-2023-2157 (sca)","description":"A Heap-based Buffer Overflow vulnerability was found in ImageMagick6 versions prior to 6.9.12-85 and ImageMagick7 versions prior to the 7.1.1-7 package which can lead to the application crashing.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-23005 (sca)","name":"Cve202323005","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.","markdown":"** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). 
NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached."},"fullDescription":{"text":"** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached."},"properties":{"security-severity":"4.0","name":"Cve202323005","id":"CVE-2023-23005 (sca)","description":"** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-23039 (sca)","name":"Cve202323039","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().","markdown":"An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove()."},"fullDescription":{"text":"An issue was discovered in the Linux kernel through 6.2.0-rc2. 
drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove()."},"properties":{"security-severity":"4.0","name":"Cve202323039","id":"CVE-2023-23039 (sca)","description":"An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-25433 (sca)","name":"Cve202325433","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The package libtiff in versions prior to 4.5.1rc1 is vulnerable to Buffer Overflow via \u0026#34;/libtiff/tools/tiffcrop.c:8499\u0026#34;. Incorrect updating of buffer size after \u0026#34;rotateImage()\u0026#34; in tiffcrop cause Heap Buffer Overflow and SEGV.","markdown":"The package libtiff in versions prior to 4.5.1rc1 is vulnerable to Buffer Overflow via \u0026#34;/libtiff/tools/tiffcrop.c:8499\u0026#34;. Incorrect updating of buffer size after \u0026#34;rotateImage()\u0026#34; in tiffcrop cause Heap Buffer Overflow and SEGV."},"fullDescription":{"text":"The package libtiff in versions prior to 4.5.1rc1 is vulnerable to Buffer Overflow via \u0026#34;/libtiff/tools/tiffcrop.c:8499\u0026#34;. Incorrect updating of buffer size after \u0026#34;rotateImage()\u0026#34; in tiffcrop cause Heap Buffer Overflow and SEGV."},"properties":{"security-severity":"4.0","name":"Cve202325433","id":"CVE-2023-25433 (sca)","description":"The package libtiff in versions prior to 4.5.1rc1 is vulnerable to Buffer Overflow via \u0026#34;/libtiff/tools/tiffcrop.c:8499\u0026#34;. 
Incorrect updating of buffer size after \u0026#34;rotateImage()\u0026#34; in tiffcrop cause Heap Buffer Overflow and SEGV.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-26966 (sca)","name":"Cve202326966","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The package libtiff versions prior to 4.5.1rc1 are vulnerable to Buffer Overflow in \u0026#34;uv_encode()\u0026#34; when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.","markdown":"The package libtiff versions prior to 4.5.1rc1 are vulnerable to Buffer Overflow in \u0026#34;uv_encode()\u0026#34; when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian."},"fullDescription":{"text":"The package libtiff versions prior to 4.5.1rc1 are vulnerable to Buffer Overflow in \u0026#34;uv_encode()\u0026#34; when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian."},"properties":{"security-severity":"4.0","name":"Cve202326966","id":"CVE-2023-26966 (sca)","description":"The package libtiff versions prior to 4.5.1rc1 are vulnerable to Buffer Overflow in \u0026#34;uv_encode()\u0026#34; when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-27102 (sca)","name":"Cve202327102","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.","markdown":"Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc."},"fullDescription":{"text":"Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at 
decctx.cc."},"properties":{"security-severity":"4.0","name":"Cve202327102","id":"CVE-2023-27102 (sca)","description":"Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-2908 (sca)","name":"Cve20232908","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A NULL Pointer Dereference issue was discovered in Libtiff\u0026#39;s \u0026#34;tif_dir.c\u0026#34; file in versions through 4.5.0.This flaw allows an attacker to pass a crafted TIFF image file to the \u0026#34;tiffcp\u0026#34; utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a Denial of Service.","markdown":"A NULL Pointer Dereference issue was discovered in Libtiff\u0026#39;s \u0026#34;tif_dir.c\u0026#34; file in versions through 4.5.0.This flaw allows an attacker to pass a crafted TIFF image file to the \u0026#34;tiffcp\u0026#34; utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a Denial of Service."},"fullDescription":{"text":"A NULL Pointer Dereference issue was discovered in Libtiff\u0026#39;s \u0026#34;tif_dir.c\u0026#34; file in versions through 4.5.0.This flaw allows an attacker to pass a crafted TIFF image file to the \u0026#34;tiffcp\u0026#34; utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a Denial of Service."},"properties":{"security-severity":"4.0","name":"Cve20232908","id":"CVE-2023-2908 (sca)","description":"A NULL Pointer Dereference issue was discovered in Libtiff\u0026#39;s \u0026#34;tif_dir.c\u0026#34; file in versions through 4.5.0.This flaw allows an attacker to pass a crafted TIFF image file to the \u0026#34;tiffcp\u0026#34; utility, which triggers runtime error, 
causing an undefined behavior, resulting in an application crash, eventually leading to a Denial of Service.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-31438 (sca)","name":"Cve202331438","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: The vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;","markdown":"** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: The vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: The vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve202331438","id":"CVE-2023-31438 (sca)","description":"** DISPUTED ** An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: The vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-31439 (sca)","name":"Cve202331439","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** An issue was discovered in systemd. 
An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;","markdown":"** DISPUTED ** An issue was discovered in systemd. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;"},"fullDescription":{"text":"** DISPUTED ** An issue was discovered in systemd. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;"},"properties":{"security-severity":"4.0","name":"Cve202331439","id":"CVE-2023-31439 (sca)","description":"** DISPUTED ** An issue was discovered in systemd. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \u0026#34;a reply denying that any of the finding was a security vulnerability.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-3195 (sca)","name":"Cve20233195","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A Stack-based Buffer Overflow issue was found in ImageMagick6 versions through 6.9.12-25 and ImageMagick7 versions through 7.1.0-10 via \u0026#34;coders/tiff.c\u0026#34;. 
This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a Denial of Service.","markdown":"A Stack-based Buffer Overflow issue was found in ImageMagick6 versions through 6.9.12-25 and ImageMagick7 versions through 7.1.0-10 via \u0026#34;coders/tiff.c\u0026#34;. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a Denial of Service."},"fullDescription":{"text":"A Stack-based Buffer Overflow issue was found in ImageMagick6 versions through 6.9.12-25 and ImageMagick7 versions through 7.1.0-10 via \u0026#34;coders/tiff.c\u0026#34;. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a Denial of Service."},"properties":{"security-severity":"4.0","name":"Cve20233195","id":"CVE-2023-3195 (sca)","description":"A Stack-based Buffer Overflow issue was found in ImageMagick6 versions through 6.9.12-25 and ImageMagick7 versions through 7.1.0-10 via \u0026#34;coders/tiff.c\u0026#34;. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a Denial of Service.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-3316 (sca)","name":"Cve20233316","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"NULL Pointer Dereference in \u0026#34;TIFFClose()\u0026#34; is caused by a failure to open an output file (non-existent path or a path that requires permissions like \u0026#34;/dev/null\u0026#34;) while specifying zones. 
This vulnerability affects libtiff versions 3.7.0alpha through 4.5.0.\n","markdown":"NULL Pointer Dereference in \u0026#34;TIFFClose()\u0026#34; is caused by a failure to open an output file (non-existent path or a path that requires permissions like \u0026#34;/dev/null\u0026#34;) while specifying zones. This vulnerability affects libtiff versions 3.7.0alpha through 4.5.0.\n"},"fullDescription":{"text":"NULL Pointer Dereference in \u0026#34;TIFFClose()\u0026#34; is caused by a failure to open an output file (non-existent path or a path that requires permissions like \u0026#34;/dev/null\u0026#34;) while specifying zones. This vulnerability affects libtiff versions 3.7.0alpha through 4.5.0.\n"},"properties":{"security-severity":"4.0","name":"Cve20233316","id":"CVE-2023-3316 (sca)","description":"NULL Pointer Dereference in \u0026#34;TIFFClose()\u0026#34; is caused by a failure to open an output file (non-existent path or a path that requires permissions like \u0026#34;/dev/null\u0026#34;) while specifying zones. This vulnerability affects libtiff versions 3.7.0alpha through 4.5.0.\n","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-34151 (sca)","name":"Cve202334151","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A vulnerability was found in ImageMagick6 prior to versions 6.9.12-88 and ImageMagick versions prior to 7.1.1-10. This security flaw occurs as an undefined behaviour of casting \u0026#34;double\u0026#34; to \u0026#34;size_t\u0026#34; in \u0026#34;svg\u0026#34;, \u0026#34;mvg\u0026#34; and other coders (recurring bugs of CVE-2022-32546).","markdown":"A vulnerability was found in ImageMagick6 prior to versions 6.9.12-88 and ImageMagick versions prior to 7.1.1-10. 
This security flaw occurs as an undefined behaviour of casting \u0026#34;double\u0026#34; to \u0026#34;size_t\u0026#34; in \u0026#34;svg\u0026#34;, \u0026#34;mvg\u0026#34; and other coders (recurring bugs of CVE-2022-32546)."},"fullDescription":{"text":"A vulnerability was found in ImageMagick6 prior to versions 6.9.12-88 and ImageMagick versions prior to 7.1.1-10. This security flaw occurs as an undefined behaviour of casting \u0026#34;double\u0026#34; to \u0026#34;size_t\u0026#34; in \u0026#34;svg\u0026#34;, \u0026#34;mvg\u0026#34; and other coders (recurring bugs of CVE-2022-32546)."},"properties":{"security-severity":"4.0","name":"Cve202334151","id":"CVE-2023-34151 (sca)","description":"A vulnerability was found in ImageMagick6 prior to versions 6.9.12-88 and ImageMagick versions prior to 7.1.1-10. This security flaw occurs as an undefined behaviour of casting \u0026#34;double\u0026#34; to \u0026#34;size_t\u0026#34; in \u0026#34;svg\u0026#34;, \u0026#34;mvg\u0026#34; and other coders (recurring bugs of CVE-2022-32546).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-3428 (sca)","name":"Cve20233428","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A Heap-based Buffer Overflow vulnerability was found in \u0026#34;coders/tiff.c\u0026#34;. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and Denial of Service (DOS). This vulnerability affects ImageMagick6 versions through 6.9.12-90, and ImageMagick7 versions through 7.1.1-12.","markdown":"A Heap-based Buffer Overflow vulnerability was found in \u0026#34;coders/tiff.c\u0026#34;. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and Denial of Service (DOS). 
This vulnerability affects ImageMagick6 versions through 6.9.12-90, and ImageMagick7 versions through 7.1.1-12."},"fullDescription":{"text":"A Heap-based Buffer Overflow vulnerability was found in \u0026#34;coders/tiff.c\u0026#34;. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and Denial of Service (DOS). This vulnerability affects ImageMagick6 versions through 6.9.12-90, and ImageMagick7 versions through 7.1.1-12."},"properties":{"security-severity":"4.0","name":"Cve20233428","id":"CVE-2023-3428 (sca)","description":"A Heap-based Buffer Overflow vulnerability was found in \u0026#34;coders/tiff.c\u0026#34;. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and Denial of Service (DOS). This vulnerability affects ImageMagick6 versions through 6.9.12-90, and ImageMagick7 versions through 7.1.1-12.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-3576 (sca)","name":"Cve20233576","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A memory leak flaw was found in Libtiff\u0026#39;s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a Denial of Service. This issue affects libtiff versions prior to 4.5.1rc1.","markdown":"A memory leak flaw was found in Libtiff\u0026#39;s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a Denial of Service. 
This issue affects libtiff versions prior to 4.5.1rc1."},"fullDescription":{"text":"A memory leak flaw was found in Libtiff\u0026#39;s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a Denial of Service. This issue affects libtiff versions prior to 4.5.1rc1."},"properties":{"security-severity":"4.0","name":"Cve20233576","id":"CVE-2023-3576 (sca)","description":"A memory leak flaw was found in Libtiff\u0026#39;s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a Denial of Service. This issue affects libtiff versions prior to 4.5.1rc1.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-3618 (sca)","name":"Cve20233618","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in Libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the \u0026#34;Fax3Encode\u0026#34; function in \u0026#34;libtiff/tif_fax3.c\u0026#34;, resulting in a Denial Of Service (DOS).","markdown":"A flaw was found in Libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the \u0026#34;Fax3Encode\u0026#34; function in \u0026#34;libtiff/tif_fax3.c\u0026#34;, resulting in a Denial Of Service (DOS)."},"fullDescription":{"text":"A flaw was found in Libtiff. 
A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the \u0026#34;Fax3Encode\u0026#34; function in \u0026#34;libtiff/tif_fax3.c\u0026#34;, resulting in a Denial Of Service (DOS)."},"properties":{"security-severity":"4.0","name":"Cve20233618","id":"CVE-2023-3618 (sca)","description":"A flaw was found in Libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the \u0026#34;Fax3Encode\u0026#34; function in \u0026#34;libtiff/tif_fax3.c\u0026#34;, resulting in a Denial Of Service (DOS).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-36191 (sca)","name":"Cve202336191","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"sqlite3 was discovered to contain a segmentation violation at \u0026#34;/sqlite3_aflpp/shell.c\u0026#34;.","markdown":"sqlite3 was discovered to contain a segmentation violation at \u0026#34;/sqlite3_aflpp/shell.c\u0026#34;."},"fullDescription":{"text":"sqlite3 was discovered to contain a segmentation violation at \u0026#34;/sqlite3_aflpp/shell.c\u0026#34;."},"properties":{"security-severity":"4.0","name":"Cve202336191","id":"CVE-2023-36191 (sca)","description":"sqlite3 was discovered to contain a segmentation violation at \u0026#34;/sqlite3_aflpp/shell.c\u0026#34;.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-37769 (sca)","name":"Cve202337769","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In pixman, it was discovered to contain a Floating Point Exception (FPE) vulnerability via the component \u0026#34;combine_inner\u0026#34; at \u0026#34;/pixman-combine-float.c\u0026#34;.","markdown":"In pixman, it was discovered to contain a Floating Point Exception (FPE) vulnerability via the component \u0026#34;combine_inner\u0026#34; at \u0026#34;/pixman-combine-float.c\u0026#34;."},"fullDescription":{"text":"In pixman, it was discovered to contain a Floating 
Point Exception (FPE) vulnerability via the component \u0026#34;combine_inner\u0026#34; at \u0026#34;/pixman-combine-float.c\u0026#34;."},"properties":{"security-severity":"4.0","name":"Cve202337769","id":"CVE-2023-37769 (sca)","description":"In pixman, it was discovered to contain a Floating Point Exception (FPE) vulnerability via the component \u0026#34;combine_inner\u0026#34; at \u0026#34;/pixman-combine-float.c\u0026#34;.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-39615 (sca)","name":"Cve202339615","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0026#39;s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.","markdown":"** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0026#39;s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input."},"fullDescription":{"text":"** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. 
NOTE: the vendor\u0026#39;s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input."},"properties":{"security-severity":"4.0","name":"Cve202339615","id":"CVE-2023-39615 (sca)","description":"** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\u0026#39;s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-40745 (sca)","name":"Cve202340745","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"LibTIFF is vulnerable to an integer overflow in versions prior to 4.6.0rc1. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","markdown":"LibTIFF is vulnerable to an integer overflow in versions prior to 4.6.0rc1. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."},"fullDescription":{"text":"LibTIFF is vulnerable to an integer overflow in versions prior to 4.6.0rc1. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."},"properties":{"security-severity":"4.0","name":"Cve202340745","id":"CVE-2023-40745 (sca)","description":"LibTIFF is vulnerable to an integer overflow in versions prior to 4.6.0rc1. 
This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-44487 (sca)","name":"Cve202344487","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.","markdown":"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."},"fullDescription":{"text":"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023."},"properties":{"security-severity":"4.0","name":"Cve202344487","id":"CVE-2023-44487 (sca)","description":"The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.","tags":["security","checkmarx","sca"]}},{"id":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","name":"Healthcheck Instruction Missing","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working Value: Dockerfile doesn't contain instruction 'HEALTHCHECK' Excepted value: Dockerfile should contain instruction 'HEALTHCHECK'","markdown":"Ensure that HEALTHCHECK is being used. 
The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working \u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eValue:\u003c/strong\u003e Dockerfile doesn't contain instruction 'HEALTHCHECK' \u003cbr\u003e\u003cstrong\u003eExcepted value:\u003c/strong\u003e Dockerfile should contain instruction 'HEALTHCHECK'"},"fullDescription":{"text":"Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working Value: Dockerfile doesn't contain instruction 'HEALTHCHECK' Excepted value: Dockerfile should contain instruction 'HEALTHCHECK'"},"properties":{"security-severity":"2.0","name":"Healthcheck Instruction Missing","id":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","description":"Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working Value: Dockerfile doesn't contain instruction 'HEALTHCHECK' Excepted value: Dockerfile should contain instruction 'HEALTHCHECK'","tags":["security","checkmarx","kics"]}},{"id":"4488286415414676575 (sast)","name":"Log Forging","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in retrieve at line 42 of /src/core/db.py.\n\nThis may enable Log Forging.\n\n","markdown":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. 
This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in retrieve at line 42 of /src/core/db.py.\n\nThis may enable Log Forging.\n\n"},"fullDescription":{"text":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in retrieve at line 42 of /src/core/db.py.\n\nThis may enable Log Forging.\n\n"},"properties":{"security-severity":"2.0","name":"Log Forging","id":"4488286415414676575 (sast)","description":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in retrieve at line 42 of /src/core/db.py.\n\nThis may enable Log Forging.\n\n","tags":["security","checkmarx","sast"]}},{"id":"10308959669028119927 (sast)","name":"Use Of Hardcoded Password","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The application uses the hard-coded password \u0026#34;bankbank\u0026#34; for authentication purposes, either using it to verify users\u0026#39; identities, or to access another remote system. This password at line 13 of /src/main.py appears in the code, implying it is accessible to anyone with source code access, and cannot be changed without rebuilding the application.\n\n","markdown":"The application uses the hard-coded password \u0026#34;bankbank\u0026#34; for authentication purposes, either using it to verify users\u0026#39; identities, or to access another remote system. 
This password at line 13 of /src/main.py appears in the code, implying it is accessible to anyone with source code access, and cannot be changed without rebuilding the application.\n\n"},"fullDescription":{"text":"The application uses the hard-coded password \u0026#34;bankbank\u0026#34; for authentication purposes, either using it to verify users\u0026#39; identities, or to access another remote system. This password at line 13 of /src/main.py appears in the code, implying it is accessible to anyone with source code access, and cannot be changed without rebuilding the application.\n\n"},"properties":{"security-severity":"2.0","name":"Use Of Hardcoded Password","id":"10308959669028119927 (sast)","description":"The application uses the hard-coded password \u0026#34;bankbank\u0026#34; for authentication purposes, either using it to verify users\u0026#39; identities, or to access another remote system. This password at line 13 of /src/main.py appears in the code, implying it is accessible to anyone with source code access, and cannot be changed without rebuilding the application.\n\n","tags":["security","checkmarx","sast"]}},{"id":"13750392886636103427 (sast)","name":"Trust Boundary Violation in Session Variables","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in get_user_info at line 85 of /src/main.py. This constitutes a Trust Boundary Violation.","markdown":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in get_user_info at line 85 of /src/main.py. 
This constitutes a Trust Boundary Violation."},"fullDescription":{"text":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in get_user_info at line 85 of /src/main.py. This constitutes a Trust Boundary Violation."},"properties":{"security-severity":"2.0","name":"Trust Boundary Violation in Session Variables","id":"13750392886636103427 (sast)","description":"Method get_user_info at line 84 of /src/main.py gets user input from element headers. This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in get_user_info at line 85 of /src/main.py. This constitutes a Trust Boundary Violation.","tags":["security","checkmarx","sast"]}},{"id":"CVE-2005-0406 (sca)","name":"Cve20050406","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.","markdown":"A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image."},"fullDescription":{"text":"A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image."},"properties":{"security-severity":"2.0","name":"Cve20050406","id":"CVE-2005-0406 (sca)","description":"A design flaw in image processing software 
that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2007-3719 (sca)","name":"Cve20073719","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"The process scheduler in the Linux kernel 2.6.16 gives preference to \u0026#34;interactive\u0026#34; processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \u0026#34;Secretly Monopolizing the CPU Without Superuser Privileges.\u0026#34;","markdown":"The process scheduler in the Linux kernel 2.6.16 gives preference to \u0026#34;interactive\u0026#34; processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \u0026#34;Secretly Monopolizing the CPU Without Superuser Privileges.\u0026#34;"},"fullDescription":{"text":"The process scheduler in the Linux kernel 2.6.16 gives preference to \u0026#34;interactive\u0026#34; processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \u0026#34;Secretly Monopolizing the CPU Without Superuser Privileges.\u0026#34;"},"properties":{"security-severity":"2.0","name":"Cve20073719","id":"CVE-2007-3719 (sca)","description":"The process scheduler in the Linux kernel 2.6.16 gives preference to \u0026#34;interactive\u0026#34; processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in \u0026#34;Secretly Monopolizing the CPU Without Superuser Privileges.\u0026#34;","tags":["security","checkmarx","sca"]}},{"id":"CVE-2008-2544 (sca)","name":"Cve20082544","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Mounting /proc 
filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.","markdown":"Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise."},"fullDescription":{"text":"Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise."},"properties":{"security-severity":"2.0","name":"Cve20082544","id":"CVE-2008-2544 (sca)","description":"Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2011-4915 (sca)","name":"Cve20114915","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.","markdown":"fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts."},"fullDescription":{"text":"fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts."},"properties":{"security-severity":"2.0","name":"Cve20114915","id":"CVE-2011-4915 (sca)","description":"fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2011-4916 (sca)","name":"Cve20114916","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Linux 
kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.","markdown":"Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*."},"fullDescription":{"text":"Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*."},"properties":{"security-severity":"2.0","name":"Cve20114916","id":"CVE-2011-4916 (sca)","description":"Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2011-4917 (sca)","name":"Cve20114917","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.","markdown":"In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat."},"fullDescription":{"text":"In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat."},"properties":{"security-severity":"2.0","name":"Cve20114917","id":"CVE-2011-4917 (sca)","description":"In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2013-4392 (sca)","name":"Cve20134392","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.","markdown":"systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files."},"fullDescription":{"text":"systemd, when updating file permissions, allows local users to change 
the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files."},"properties":{"security-severity":"2.0","name":"Cve20134392","id":"CVE-2013-4392 (sca)","description":"systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2015-2877 (sca)","name":"Cve20152877","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states \u0026#34;Basically if you care about this attack vector, disable deduplication.\u0026#34; Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.","markdown":"** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. 
NOTE: the vendor states \u0026#34;Basically if you care about this attack vector, disable deduplication.\u0026#34; Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities."},"fullDescription":{"text":"** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states \u0026#34;Basically if you care about this attack vector, disable deduplication.\u0026#34; Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities."},"properties":{"security-severity":"2.0","name":"Cve20152877","id":"CVE-2015-2877 (sca)","description":"** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. 
NOTE: the vendor states \u0026#34;Basically if you care about this attack vector, disable deduplication.\u0026#34; Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2017-14159 (sca)","name":"Cve201714159","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \u0026#34;kill `cat /pathname`\u0026#34; command, as demonstrated by openldap-initscript.","markdown":"slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \u0026#34;kill `cat /pathname`\u0026#34; command, as demonstrated by openldap-initscript."},"fullDescription":{"text":"slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \u0026#34;kill `cat /pathname`\u0026#34; command, as demonstrated by openldap-initscript."},"properties":{"security-severity":"2.0","name":"Cve201714159","id":"CVE-2017-14159 (sca)","description":"slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification 
before a root script executes a \u0026#34;kill `cat /pathname`\u0026#34; command, as demonstrated by openldap-initscript.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2019-11191 (sca)","name":"Cve201911191","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.","markdown":"** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported."},"fullDescription":{"text":"** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. 
NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported."},"properties":{"security-severity":"2.0","name":"Cve201911191","id":"CVE-2019-11191 (sca)","description":"** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. NOTE: the software maintainer disputes that this is a vulnerability because ASLR for a.out format executables has never been supported.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-14304 (sca)","name":"Cve202014304","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A memory disclosure flaw was found in the Linux kernel\u0026#39;s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.","markdown":"A memory disclosure flaw was found in the Linux kernel\u0026#39;s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality."},"fullDescription":{"text":"A memory disclosure flaw was found in the Linux kernel\u0026#39;s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. 
The highest threat from this vulnerability is to confidentiality."},"properties":{"security-severity":"2.0","name":"Cve202014304","id":"CVE-2020-14304 (sca)","description":"A memory disclosure flaw was found in the Linux kernel\u0026#39;s ethernet drivers, in the way it read data from the EEPROM of the device. This flaw allows a local user to read uninitialized values from the kernel memory. The highest threat from this vulnerability is to confidentiality.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-26557 (sca)","name":"Cve202026557","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).","markdown":"Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."},"fullDescription":{"text":"Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time)."},"properties":{"security-severity":"2.0","name":"Cve202026557","id":"CVE-2020-26557 (sca)","description":"Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without possession of the AuthValue used in the provisioning protocol) to determine the AuthValue via a brute-force attack (unless the AuthValue is sufficiently random and changed each time).","tags":["security","checkmarx","sca"]}},{"id":"CVE-2020-35501 
(sca)","name":"Cve202035501","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem","markdown":"A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem"},"fullDescription":{"text":"A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem"},"properties":{"security-severity":"2.0","name":"Cve202035501","id":"CVE-2020-35501 (sca)","description":"A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem","tags":["security","checkmarx","sca"]}},{"id":"CVE-2021-4217 (sca)","name":"Cve20214217","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. This issue affects versions through 6.0-21ubuntu1.1, 6.0-25ubuntu1, 6.0-26ubuntu1, 6.0-26ubuntu3, and 6.0-27ubuntu1.","markdown":"A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. This issue affects versions through 6.0-21ubuntu1.1, 6.0-25ubuntu1, 6.0-26ubuntu1, 6.0-26ubuntu3, and 6.0-27ubuntu1."},"fullDescription":{"text":"A flaw was found in unzip. 
The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. This issue affects versions through 6.0-21ubuntu1.1, 6.0-25ubuntu1, 6.0-26ubuntu1, 6.0-26ubuntu3, and 6.0-27ubuntu1."},"properties":{"security-severity":"2.0","name":"Cve20214217","id":"CVE-2021-4217 (sca)","description":"A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. This issue affects versions through 6.0-21ubuntu1.1, 6.0-25ubuntu1, 6.0-26ubuntu1, 6.0-26ubuntu3, and 6.0-27ubuntu1.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-0563 (sca)","name":"Cve20220563","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \u0026#34;INPUTRC\u0026#34; environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.","markdown":"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \u0026#34;INPUTRC\u0026#34; environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. 
This flaw affects util-linux versions prior to 2.37.4."},"fullDescription":{"text":"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \u0026#34;INPUTRC\u0026#34; environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4."},"properties":{"security-severity":"2.0","name":"Cve20220563","id":"CVE-2022-0563 (sca)","description":"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \u0026#34;INPUTRC\u0026#34; environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. 
This flaw affects util-linux versions prior to 2.37.4.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2022-23825 (sca)","name":"Cve202223825","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.","markdown":"Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."},"fullDescription":{"text":"Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure."},"properties":{"security-severity":"2.0","name":"Cve202223825","id":"CVE-2022-23825 (sca)","description":"Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-23934 (sca)","name":"Cve202323934","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"Werkzeug is a comprehensive WSGI web application library. Browsers may allow \u0026#34;nameless\u0026#34; cookies that look like \u0026#34;=value\u0026#34; instead of \u0026#34;key=value\u0026#34;. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like \u0026#34;=__Host-test=bad\u0026#34; for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie \u0026#34;=__Host-test=bad\u0026#34; as \u0026#34;__Host-test=bad\u0026#34;. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.","markdown":"Werkzeug is a comprehensive WSGI web application library. 
Browsers may allow \u0026#34;nameless\u0026#34; cookies that look like \u0026#34;=value\u0026#34; instead of \u0026#34;key=value\u0026#34;. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like \u0026#34;=__Host-test=bad\u0026#34; for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie \u0026#34;=__Host-test=bad\u0026#34; as \u0026#34;__Host-test=bad\u0026#34;. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key."},"fullDescription":{"text":"Werkzeug is a comprehensive WSGI web application library. Browsers may allow \u0026#34;nameless\u0026#34; cookies that look like \u0026#34;=value\u0026#34; instead of \u0026#34;key=value\u0026#34;. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like \u0026#34;=__Host-test=bad\u0026#34; for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie \u0026#34;=__Host-test=bad\u0026#34; as \u0026#34;__Host-test=bad\u0026#34;. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key."},"properties":{"security-severity":"2.0","name":"Cve202323934","id":"CVE-2023-23934 (sca)","description":"Werkzeug is a comprehensive WSGI web application library. Browsers may allow \u0026#34;nameless\u0026#34; cookies that look like \u0026#34;=value\u0026#34; instead of \u0026#34;key=value\u0026#34;. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like \u0026#34;=__Host-test=bad\u0026#34; for another subdomain. 
Werkzeug prior to 2.2.3 will parse the cookie \u0026#34;=__Host-test=bad\u0026#34; as \u0026#34;__Host-test=bad\u0026#34;. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-25815 (sca)","name":"Cve202325815","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function\u0026#39;s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. This vulnerability affects git package versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1. Some workarounds are available. 
Do not work on a Windows machine with shared accounts, or alternatively, create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.","markdown":"In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function\u0026#39;s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. This vulnerability affects git package versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively, create a `C:\\mingw64` folder and leave it empty. 
Users who have administrative rights may remove the permission to create folders in `C:\\`."},"fullDescription":{"text":"In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function\u0026#39;s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. This vulnerability affects git package versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively, create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`."},"properties":{"security-severity":"2.0","name":"Cve202325815","id":"CVE-2023-25815 (sca)","description":"In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. 
As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function\u0026#39;s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. This vulnerability affects git package versions prior to 2.30.9, 2.31.x prior to 2.31.8, 2.32.x prior to 2.32.7, 2.33.x prior to 2.33.8, 2.34.x prior to 2.34.8, 2.35.x prior to 2.35.8, 2.36.x prior to 2.36.6, 2.37.x prior to 2.37.7, 2.38.x prior to 2.38.5, 2.39.x prior to 2.39.3, and 2.40.x prior to 2.40.1. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively, create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`.","tags":["security","checkmarx","sca"]}},{"id":"CVE-2023-41175 (sca)","name":"Cve202341175","helpUri":"https://checkmarx.com/resource/documents/en/34965-67042-checkmarx-one.html","help":{"text":"A vulnerability was found in libtiff versions prior to v4.6.0rc1 due to multiple potential integer overflows in \u0026#34;raw2tiff.c\u0026#34;. 
This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","markdown":"A vulnerability was found in libtiff versions prior to v4.6.0rc1 due to multiple potential integer overflows in \u0026#34;raw2tiff.c\u0026#34;. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."},"fullDescription":{"text":"A vulnerability was found in libtiff versions prior to v4.6.0rc1 due to multiple potential integer overflows in \u0026#34;raw2tiff.c\u0026#34;. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow."},"properties":{"security-severity":"2.0","name":"Cve202341175","id":"CVE-2023-41175 (sca)","description":"A vulnerability was found in libtiff versions prior to v4.6.0rc1 due to multiple potential integer overflows in \u0026#34;raw2tiff.c\u0026#34;. 
This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.","tags":["security","checkmarx","sca"]}}]}},"results":[{"ruleId":"487f4be7-3fd9-4506-a07a-eae252180c08 [Taken from query_id] (kics)","level":"error","message":{"text":"Passwords And Secrets - Generic Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"openAPISpecBank.yaml"},"region":{"startLine":123,"startColumn":1,"endColumn":2}}}]},{"ruleId":"487f4be7-3fd9-4506-a07a-eae252180c08 [Taken from query_id] (kics)","level":"error","message":{"text":"Passwords And Secrets - Generic Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"openAPISpecBank.yaml"},"region":{"startLine":70,"startColumn":1,"endColumn":2}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":316,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"st
artColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":358,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":
"fd54f200-402c-4333-a5a4-36ef6709af2f [Taken from query_id] (kics)","level":"error","message":{"text":"Missing User Instruction"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"Dockerfile"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":236,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":244,"startColumn":79,"endColumn":86}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":244,"startColumn":9,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":245,"startColumn":39,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":38,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":266,"startColumn":25,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":266,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":267,"startColumn":142,"endColumn":155}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":267,"startColumn":9,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":268,"startColumn":36,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":30,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":100,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":93,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":117,"startColumn":23,"endColumn":35}}},{"physicalLocation":{
"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":174,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 
(sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":30,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":224,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":227,"startColumn":89,"endColumn":98}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":227,"startColumn":9,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":228,"startColumn":19,"endColumn":33}}},{"physicalLocatio
n":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":238,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"17810866942529238742 
(sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":258,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":16,"endColumn":23}}}]},{"ruleId":"CVE-2022-29217 (sca)","level":"error","message":{"text":"Python-PyJWT-2.1.0 (CVE-2022-29217)"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/requirements.txt"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"CVE-2023-25577 (sca)","level":"error","message":{"text":"Python-Werkzeug-2.0.1 
(CVE-2023-25577)"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/requirements.txt"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"CVE-2023-30861 (sca)","level":"error","message":{"text":"Python-Flask-2.0.1 (CVE-2023-30861)"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/requirements.txt"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"9513a694-aa0d-41d8-be61-3271e056f36b [Taken from query_id] (kics)","level":"warning","message":{"text":"Add Instead of Copy"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"Dockerfile"},"region":{"startLine":2,"startColumn":1,"endColumn":2}}}]},{"ruleId":"9513a694-aa0d-41d8-be61-3271e056f36b [Taken from query_id] (kics)","level":"warning","message":{"text":"Add Instead of Copy"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"Dockerfile"},"region":{"startLine":3,"startColumn":1,"endColumn":2}}}]},{"ruleId":"f2f903fb-b977-461e-98d7-b3e2185c6118 [Taken from query_id] (kics)","level":"warning","message":{"text":"Pip install Keeping Cached Packages"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"02d9c71f-3ee8-4986-9c27-1a20d0d19bfc [Taken from query_id] (kics)","level":"warning","message":{"text":"Unpinned Package Version in Pip Install"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":197,"startColumn":43,"endColumn":53}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":37,"startColumn":5,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":50,"startColumn":94,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":50,"startColumn":9,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":51,"startColumn":19,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":201,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":211,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":23,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":201,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":203,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":203,"startColumn":13,"endColumn":18}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":41,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":86,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":89,"startColumn":72,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":89,"startColumn":5,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":90,"startColumn":24,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":41,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":100,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":93,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":117,"startColumn":23,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":13,"startColumn":1,"endColumn":11}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":52,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":34,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":162,"startColumn":89,"endColumn":94}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":162,"startColumn":9,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":163,"startColumn":19,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":13,"startColumn":1,"endColumn":11}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":41,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":86,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":89,"startColumn":72,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":89,"startColumn":5,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":90,"startColumn":24,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":211,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":23,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":23,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":15,"startColumn":1,"endColumn":11}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":201,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":203,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":203,"startColumn":13,"endColumn":18}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":15,"startColumn":1,"endColumn":11}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":190,"startColumn":34,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":190,"startColumn":30,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":190,"startColumn":13,"endColumn":18}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":15,"startColumn":1,"endColumn":11}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":201,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":211,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":23,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":212,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":50,"startColumn":94,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":50,"startColumn":9,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":51,"startColumn":19,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":190,"startColumn":34,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":190,"startColumn":30,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":190,"startColumn":13,"endColumn":18}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":52,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":34,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":162,"startColumn":89,"endColumn":94}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":162,"startColumn":9,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":163,"startColumn":19,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":343,"startColumn":101,"endColumn":114}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":343,"startColumn":9,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":344,"startColumn":19,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":196,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":197,"startColumn":43,"endColumn":53}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"12553559161661395516 (sast)","level":"warning","message":{"text":"Filtering Sensitive 
Logs"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":203,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":203,"startColumn":13,"endColumn":18}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":30,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":100,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/
main.py"},"region":{"startLine":116,"startColumn":93,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":117,"startColumn":23,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":16,"endColumn":23}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":30,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endC
olumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":224,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":227,"startColumn":89,"endColumn":98}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":227,"startColumn":9,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":228,"startColumn":19,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":24,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":55,"startColumn":16,"endColumn":23}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":299,"startColumn":5,"endColumn":15}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":282,"startColumn":5,"endColumn":18}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":256,"startColumn":5,"endColumn":29}}}]},{"ruleId":"8400805859752228222 
(sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":236,"startColumn":5,"endColumn":24}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":221,"startColumn":5,"endColumn":11}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":83,"startColumn":5,"endColumn":18}}}]},{"ruleId":"8400805859752228222 (sast)","level":"warning","message":{"text":"CSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":24,"startColumn":5,"endColumn":12}}}]},{"ruleId":"4418167693267818286 (sast)","level":"warning","message":{"text":"Path Traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"util/brute_force_jwt_token.py"},"region":{"startLine":48,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"util/brute_force_jwt_token.py"},"region":{"startLine":48,"startColumn":5,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"util/brute_force_jwt_token.py"},"region":{"startLine":51,"startColumn":70,"endColumn":78}}},{"physicalLocation":{"artifactLocation":{"uri":"util/brute_force_jwt_token.py"},"region":{"startLine":51,"startColumn":24,"endColumn":28}}}]},{"ruleId":"7929843929890808532 (sast)","level":"warning","message":{"text":"Missing HSTS Header"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":12,"startColumn":1,"endColumn":4}}}]},{"ruleId":"346558629760677672 (sast)","level":"warning","message":{"text":"Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":44,"startColumn":18,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":44,"startColumn":29,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":44,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":45,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":46,"startColumn":19,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":46,"startColumn":26,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":46,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":48,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":140,"startColumn":20,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":140,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":143,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":143,"startColumn":9,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":153,"startColumn":29,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":153,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":154,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":160,"startColumn":9,"endColumn":14}}},{"phy
sicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":164,"startColumn":43,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":164,"startColumn":34,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":164,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":164,"startColumn":9,"endColumn":15}}}]},{"ruleId":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","level":"note","message":{"text":"Healthcheck Instruction Missing"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"Dockerfile"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation
":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,
"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":258,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":358,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":33,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":38,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":266,"startColumn":25,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":266,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":267,"startColumn":142,"endColumn":155}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":267,"startColumn":9,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":268,"startColumn":36,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":238,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":174,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":236,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":244,"startColumn":79,"endColumn":86}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":244,"startColumn":9,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":245,"startColumn":39,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":316,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":38,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":265,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":266,"startColumn":25,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":266,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":267,"startColumn":142,"endColumn":155}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":267,"startColumn":9,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":268,"startColumn":36,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":41,"startColumn":18,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":42,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":30,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":71,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":100,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":93,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":116,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"ar
tifactLocation":{"uri":"src/main.py"},"region":{"startLine":117,"startColumn":23,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"4488286415414676575 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":30,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":19,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":67,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":71,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"star
tLine":77,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":17,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":5,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":224,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":227,"startColumn":89,"endColumn":98}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":227,"startColumn":9,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":228,"startColumn":19,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":51,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":44,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"src/core/db.py"},"region":{"startLine":52,"startColumn":17,"endColumn":22}}}]},{"ruleId":"10308959669028119927 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":13,"startColumn":14,"endColumn":24}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":238,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":174,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":358,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":316,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":258,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":258,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":238,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":174,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":85,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":358,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":316,"startColumn":37,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":63,"startColumn":25,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":64,"startColumn":12,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":78,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":75,"startColumn":9,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":76,"startColumn":31,"endColumn":44}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":223,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":173,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":174,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":357,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":358,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":237,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":238,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":257,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":258,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":315,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":316,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":98,"startColumn":5,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":99,"startColumn":37,"endColumn":50}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":84,"startColumn":5,"endColumn":18}}}]},{"ruleId":"13750392886636103427 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":37,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"src/main.py"},"region":{"startLine":222,"startColumn":5,"endColumn":18}}}]},{"ruleId":"CVE-2023-23934 (sca)","level":"note","message":{"text":"Python-Werkzeug-2.0.1 (CVE-2023-23934)"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"src/requirements.txt"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]}]}]}