LAYER: meta
PACKAGE NAME: valgrind
PACKAGE VERSION: 3.22.0
CVE: CVE-2008-4865
CVE STATUS: Patched
CVE SUMMARY: Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options.  NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
CVSS v2 BASE SCORE: 7.2
CVSS v3 BASE SCORE: 0.0
VECTOR: LOCAL
VECTORSTRING: AV:L/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2008-4865

LAYER: meta
PACKAGE NAME: valgrind
PACKAGE VERSION: 3.22.0
CVE: CVE-2020-2245
CVE STATUS: Patched
CVE SUMMARY: Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVSS v2 BASE SCORE: 5.5
CVSS v3 BASE SCORE: 7.1
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:S/C:P/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2245

LAYER: meta
PACKAGE NAME: valgrind
PACKAGE VERSION: 3.22.0
CVE: CVE-2020-2246
CVE STATUS: Patched
CVE SUMMARY: Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Valgrind XML reports, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control Valgrind XML report contents.
CVSS v2 BASE SCORE: 3.5
CVSS v3 BASE SCORE: 5.4
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:M/Au:S/C:N/I:P/A:N
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2020-2246