dockerhub.hi.inet evolved 5g certification 8bellsnetapp 8bellsnetapp 8b_netapp_adminer
Evolved5G edited this page Oct 23, 2023 · 1 revision
Scan of image: dockerhub.hi.inet/evolved-5g/certification/8bellsnetapp/8bellsnetapp-8b_netapp_adminer
Severity | Number of vulnerabilities |
---|---|
CRITICAL | 9 |
HIGH | 78 |
MEDIUM | 45 |
LOW | 12 |

Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
---|---|---|---|---|---|
CRITICAL | CVE-2021-36159 | an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes | apk-tools | 2.12.1-r0 | 2.12.6-r0 |
CRITICAL | CVE-2021-22945 | curl: use-after-free and double-free in MQTT sending | curl | 7.74.0-r0 | 7.79.0-r0 |
CRITICAL | CVE-2022-32207 | Unpreserved file permissions | curl | 7.74.0-r0 | 7.79.1-r2 |
CRITICAL | CVE-2021-3711 | SM2 Decryption Buffer Overflow | libcrypto1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
CRITICAL | CVE-2021-22945 | curl: use-after-free and double-free in MQTT sending | libcurl | 7.74.0-r0 | 7.79.0-r0 |
CRITICAL | CVE-2022-32207 | Unpreserved file permissions | libcurl | 7.74.0-r0 | 7.79.1-r2 |
CRITICAL | CVE-2021-3711 | SM2 Decryption Buffer Overflow | libssl1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
CRITICAL | CVE-2021-3711 | SM2 Decryption Buffer Overflow | openssl | 1.1.1i-r0 | 1.1.1l-r0 |
CRITICAL | CVE-2022-37434 | heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra fie | zlib | 1.2.11-r3 | 1.2.12-r2 |
HIGH | CVE-2021-30139 | | apk-tools | 2.12.1-r0 | 2.12.5-r0 |
HIGH | CVE-2021-28831 | invalid free or segmentation fault via malformed gzip data | busybox | 1.32.1-r2 | 1.32.1-r4 |
HIGH | CVE-2021-42378 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42379 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42380 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42381 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42382 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42383 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42384 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42385 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42386 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2022-28391 | remote attackers may execute arbitrary code if netstat is used | busybox | 1.32.1-r2 | 1.32.1-r8 |
HIGH | CVE-2022-30065 | busybox: A use-after-free in Busybox's awk applet leads to denial of service | busybox | 1.32.1-r2 | 1.32.1-r9 |
HIGH | CVE-2021-22901 | curl: Use-after-free in TLS session handling when using OpenSSL TLS backend | curl | 7.74.0-r0 | 7.77.0-r0 |
HIGH | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | curl | 7.74.0-r0 | 7.79.0-r0 |
HIGH | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | curl | 7.74.0-r0 | 7.79.1-r1 |
HIGH | CVE-2022-27775 | curl: bad local IPv6 connection reuse | curl | 7.74.0-r0 | 7.79.1-r1 |
HIGH | CVE-2022-27781 | CERTINFO never-ending busy-loop | curl | 7.74.0-r0 | 7.79.1-r2 |
HIGH | CVE-2022-27782 | TLS and SSH connection too eager reuse | curl | 7.74.0-r0 | 7.79.1-r2 |
HIGH | CVE-2021-23840 | integer overflow in CipherUpdate | libcrypto1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
HIGH | CVE-2021-3450 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libcrypto1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
HIGH | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libcrypto1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libcrypto1.1 | 1.1.1i-r0 | 1.1.1n-r0 |
HIGH | CVE-2021-22901 | curl: Use-after-free in TLS session handling when using OpenSSL TLS backend | libcurl | 7.74.0-r0 | 7.77.0-r0 |
HIGH | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | libcurl | 7.74.0-r0 | 7.79.0-r0 |
HIGH | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | libcurl | 7.74.0-r0 | 7.79.1-r1 |
HIGH | CVE-2022-27775 | curl: bad local IPv6 connection reuse | libcurl | 7.74.0-r0 | 7.79.1-r1 |
HIGH | CVE-2022-27781 | CERTINFO never-ending busy-loop | libcurl | 7.74.0-r0 | 7.79.1-r2 |
HIGH | CVE-2022-27782 | TLS and SSH connection too eager reuse | libcurl | 7.74.0-r0 | 7.79.1-r2 |
HIGH | CVE-2020-36221 | openldap: Integer underflow in serialNumberAndIssuerCheck in schema_init.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36222 | openldap: Assertion failure in slapd in the saslAuthzTo validation | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36223 | openldap: Out-of-bounds read in Values Return Filter | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36224 | openldap: Invalid pointer free in the saslAuthzTo processing | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36225 | openldap: Double free in the saslAuthzTo processing | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36226 | openldap: Denial of service via length miscalculation in slap_parse_user | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36227 | openldap: Infinite loop in slapd with the cancel_extop Cancel operation | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36228 | openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36229 | openldap: Type confusion in ad_keystring in ad.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2020-36230 | openldap: Assertion failure in ber_next_element in decode.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
HIGH | CVE-2021-27212 | Assertion failure in slapd in the issuerAndThisUpdateCheck function | libldap | 2.4.56-r0 | 2.4.57-r1 |
HIGH | CVE-2021-23214 | server processes unencrypted bytes from man-in-the-middle | libpq | 13.1-r2 | 13.5-r0 |
HIGH | CVE-2021-32027 | postgresql: Buffer overrun from integer overflow in array subscripting calculations | libpq | 13.1-r2 | 13.3-r0 |
HIGH | CVE-2022-1552 | Autovacuum, REINDEX, and others omit "security restricted operation" sandbox | libpq | 13.1-r2 | 13.7-r0 |
HIGH | CVE-2022-2625 | Extension scripts replace objects not belonging to the extension. | libpq | 13.1-r2 | 13.8-r0 |
HIGH | CVE-2023-2454 | schema_element defeats protective search_path changes | libpq | 13.1-r2 | 13.11-r0 |
HIGH | CVE-2023-39417 | extension script @substitutions@ within quoting allow SQL injection | libpq | 13.1-r2 | 13.12-r0 |
HIGH | CVE-2022-24407 | failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | libsasl | 2.1.27-r10 | 2.1.28-r0 |
HIGH | CVE-2021-23840 | integer overflow in CipherUpdate | libssl1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
HIGH | CVE-2021-3450 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libssl1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
HIGH | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libssl1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libssl1.1 | 1.1.1i-r0 | 1.1.1n-r0 |
HIGH | CVE-2021-3517 | libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c | libxml2 | 2.9.10-r6 | 2.9.10-r7 |
HIGH | CVE-2021-3518 | libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c | libxml2 | 2.9.10-r6 | 2.9.10-r7 |
HIGH | CVE-2022-2309 | lxml: NULL Pointer Dereference in lxml | libxml2 | 2.9.10-r6 | 2.9.14-r1 |
HIGH | CVE-2022-23308 | Use-after-free of ID and IDREF attributes | libxml2 | 2.9.10-r6 | 2.9.13-r0 |
HIGH | CVE-2022-40303 | integer overflows with XML_PARSE_HUGE | libxml2 | 2.9.10-r6 | 2.9.14-r2 |
HIGH | CVE-2022-40304 | dict corruption caused by entity reference cycles | libxml2 | 2.9.10-r6 | 2.9.14-r2 |
HIGH | CVE-2022-29458 | segfaulting OOB read | ncurses-libs | 6.2_p20210109-r0 | 6.2_p20210109-r1 |
HIGH | CVE-2022-29458 | segfaulting OOB read | ncurses-terminfo-base | 6.2_p20210109-r0 | 6.2_p20210109-r1 |
HIGH | CVE-2021-23840 | integer overflow in CipherUpdate | openssl | 1.1.1i-r0 | 1.1.1j-r0 |
HIGH | CVE-2021-3450 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | openssl | 1.1.1i-r0 | 1.1.1k-r0 |
HIGH | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | openssl | 1.1.1i-r0 | 1.1.1l-r0 |
HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl | 1.1.1i-r0 | 1.1.1n-r0 |
HIGH | CVE-2021-28831 | invalid free or segmentation fault via malformed gzip data | ssl_client | 1.32.1-r2 | 1.32.1-r4 |
HIGH | CVE-2021-42378 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42379 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42380 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42381 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42382 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42383 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42384 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42385 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2021-42386 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
HIGH | CVE-2022-28391 | remote attackers may execute arbitrary code if netstat is used | ssl_client | 1.32.1-r2 | 1.32.1-r8 |
HIGH | CVE-2022-30065 | busybox: A use-after-free in Busybox's awk applet leads to denial of service | ssl_client | 1.32.1-r2 | 1.32.1-r9 |
HIGH | CVE-2022-1271 | arbitrary-file-write vulnerability | xz | 5.2.5-r0 | 5.2.5-r1 |
HIGH | CVE-2022-1271 | arbitrary-file-write vulnerability | xz-libs | 5.2.5-r0 | 5.2.5-r1 |
HIGH | CVE-2018-25032 | A flaw found in zlib when compressing (not decompressing) certain inputs | zlib | 1.2.11-r3 | 1.2.12-r0 |
MEDIUM | CVE-2021-42374 | out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZM | busybox | 1.32.1-r2 | 1.32.1-r7 |
MEDIUM | CVE-2021-42375 | incorrect handling of a special element in ash applet leads to denial of service when processing a c | busybox | 1.32.1-r2 | 1.32.1-r7 |
MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | curl | 7.74.0-r0 | 7.76.0-r0 |
MEDIUM | CVE-2021-22922 | Content not matching hash in Metalink is not being discarded | curl | 7.74.0-r0 | 7.78.0-r0 |
MEDIUM | CVE-2021-22923 | Metalink download sends credentials | curl | 7.74.0-r0 | 7.78.0-r0 |
MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | curl | 7.74.0-r0 | 7.78.0-r0 |
MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | curl | 7.74.0-r0 | 7.79.0-r0 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | curl | 7.74.0-r0 | 7.79.1-r1 |
MEDIUM | CVE-2022-27776 | curl: auth/cookie leak on redirect | curl | 7.74.0-r0 | 7.79.1-r1 |
MEDIUM | CVE-2022-32205 | Set-Cookie denial of service | curl | 7.74.0-r0 | 7.79.1-r2 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | curl | 7.74.0-r0 | 7.79.1-r2 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | curl | 7.74.0-r0 | 7.79.1-r2 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libcrypto1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
MEDIUM | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | libcrypto1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | libcrypto1.1 | 1.1.1i-r0 | 1.1.1q-r0 |
MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | libcurl | 7.74.0-r0 | 7.76.0-r0 |
MEDIUM | CVE-2021-22922 | Content not matching hash in Metalink is not being discarded | libcurl | 7.74.0-r0 | 7.78.0-r0 |
MEDIUM | CVE-2021-22923 | Metalink download sends credentials | libcurl | 7.74.0-r0 | 7.78.0-r0 |
MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | libcurl | 7.74.0-r0 | 7.78.0-r0 |
MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | libcurl | 7.74.0-r0 | 7.79.0-r0 |
MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | libcurl | 7.74.0-r0 | 7.79.1-r1 |
MEDIUM | CVE-2022-27776 | curl: auth/cookie leak on redirect | libcurl | 7.74.0-r0 | 7.79.1-r1 |
MEDIUM | CVE-2022-32205 | Set-Cookie denial of service | libcurl | 7.74.0-r0 | 7.79.1-r2 |
MEDIUM | CVE-2022-32206 | HTTP compression denial of service | libcurl | 7.74.0-r0 | 7.79.1-r2 |
MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | libcurl | 7.74.0-r0 | 7.79.1-r2 |
MEDIUM | CVE-2021-20229 | single-column SELECT privilege enables reading all columns | libpq | 13.1-r2 | 13.2-r0 |
MEDIUM | CVE-2021-23222 | libpq processes unencrypted bytes from man-in-the-middle | libpq | 13.1-r2 | 13.5-r0 |
MEDIUM | CVE-2021-32028 | postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE | libpq | 13.1-r2 | 13.3-r0 |
MEDIUM | CVE-2021-32029 | postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING | libpq | 13.1-r2 | 13.3-r0 |
MEDIUM | CVE-2021-3393 | postgresql: Partition constraint violation errors leak values of denied columns | libpq | 13.1-r2 | 13.2-r0 |
MEDIUM | CVE-2021-3677 | memory disclosure in certain queries | libpq | 13.1-r2 | 13.4-r0 |
MEDIUM | CVE-2023-2455 | row security policies disregard user ID changes after inlining. | libpq | 13.1-r2 | 13.11-r0 |
MEDIUM | CVE-2023-39418 | MERGE fails to enforce UPDATE or SELECT row security policies | libpq | 13.1-r2 | 13.12-r0 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
MEDIUM | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | libssl1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | libssl1.1 | 1.1.1i-r0 | 1.1.1q-r0 |
MEDIUM | CVE-2021-3537 | NULL pointer dereference when post-validating mixed content parsed in recovery mode | libxml2 | 2.9.10-r6 | 2.9.10-r7 |
MEDIUM | CVE-2021-3541 | libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms | libxml2 | 2.9.10-r6 | 2.9.11-r0 |
MEDIUM | CVE-2022-29824 | integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write | libxml2 | 2.9.10-r6 | 2.9.14-r0 |
MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | openssl | 1.1.1i-r0 | 1.1.1j-r0 |
MEDIUM | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | openssl | 1.1.1i-r0 | 1.1.1k-r0 |
MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | openssl | 1.1.1i-r0 | 1.1.1q-r0 |
MEDIUM | CVE-2021-42374 | out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZM | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
MEDIUM | CVE-2021-42375 | incorrect handling of a special element in ash applet leads to denial of service when processing a c | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
MEDIUM | CVE-2021-20193 | tar: Memory leak in read_header() in list.c | tar | 1.33-r1 | 1.34-r0 |
LOW | CVE-2021-22890 | curl: TLS 1.3 session ticket mix-up with HTTPS proxy host | curl | 7.74.0-r0 | 7.76.0-r0 |
LOW | CVE-2021-22898 | TELNET stack contents disclosure | curl | 7.74.0-r0 | 7.77.0-r0 |
LOW | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | curl | 7.74.0-r0 | 7.78.0-r0 |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | curl | 7.74.0-r0 | 7.79.1-r3 |
LOW | CVE-2021-23839 | openssl: incorrect SSLv2 rollback protection | libcrypto1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
LOW | CVE-2021-22890 | curl: TLS 1.3 session ticket mix-up with HTTPS proxy host | libcurl | 7.74.0-r0 | 7.76.0-r0 |
LOW | CVE-2021-22898 | TELNET stack contents disclosure | libcurl | 7.74.0-r0 | 7.77.0-r0 |
LOW | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | libcurl | 7.74.0-r0 | 7.78.0-r0 |
LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | libcurl | 7.74.0-r0 | 7.79.1-r3 |
LOW | CVE-2022-41862 | Client memory disclosure when connecting with Kerberos to modified server | libpq | 13.1-r2 | 13.11-r0 |
LOW | CVE-2021-23839 | openssl: incorrect SSLv2 rollback protection | libssl1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
LOW | CVE-2021-23839 | openssl: incorrect SSLv2 rollback protection | openssl | 1.1.1i-r0 | 1.1.1j-r0 |
Date: 2023-10-23