dockerhub.hi.inet evolved 5g certification 8bellsnetapp 8bellsnetapp 8b_netapp_adminer

Evolved5G edited this page Oct 23, 2023 · 1 revision

Scan of image: dockerhub.hi.inet/evolved-5g/certification/8bellsnetapp/8bellsnetapp-8b_netapp_adminer


Summary

| Severity | Number of vulnerabilities |
|---|---|
| CRITICAL | 9 |
| HIGH | 78 |
| MEDIUM | 45 |
| LOW | 12 |

Vulnerabilities

| Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
|---|---|---|---|---|---|
| CRITICAL | CVE-2021-36159 | an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes | apk-tools | 2.12.1-r0 | 2.12.6-r0 |
| CRITICAL | CVE-2021-22945 | curl: use-after-free and double-free in MQTT sending | curl | 7.74.0-r0 | 7.79.0-r0 |
| CRITICAL | CVE-2022-32207 | Unpreserved file permissions | curl | 7.74.0-r0 | 7.79.1-r2 |
| CRITICAL | CVE-2021-3711 | SM2 Decryption Buffer Overflow | libcrypto1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
| CRITICAL | CVE-2021-22945 | curl: use-after-free and double-free in MQTT sending | libcurl | 7.74.0-r0 | 7.79.0-r0 |
| CRITICAL | CVE-2022-32207 | Unpreserved file permissions | libcurl | 7.74.0-r0 | 7.79.1-r2 |
| CRITICAL | CVE-2021-3711 | SM2 Decryption Buffer Overflow | libssl1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
| CRITICAL | CVE-2021-3711 | SM2 Decryption Buffer Overflow | openssl | 1.1.1i-r0 | 1.1.1l-r0 |
| CRITICAL | CVE-2022-37434 | heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra fie | zlib | 1.2.11-r3 | 1.2.12-r2 |
| HIGH | CVE-2021-30139 | | apk-tools | 2.12.1-r0 | 2.12.5-r0 |
| HIGH | CVE-2021-28831 | invalid free or segmentation fault via malformed gzip data | busybox | 1.32.1-r2 | 1.32.1-r4 |
| HIGH | CVE-2021-42378 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42379 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42380 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42381 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42382 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42383 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42384 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42385 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42386 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | busybox | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2022-28391 | remote attackers may execute arbitrary code if netstat is used | busybox | 1.32.1-r2 | 1.32.1-r8 |
| HIGH | CVE-2022-30065 | busybox: A use-after-free in Busybox's awk applet leads to denial of service | busybox | 1.32.1-r2 | 1.32.1-r9 |
| HIGH | CVE-2021-22901 | curl: Use-after-free in TLS session handling when using OpenSSL TLS backend | curl | 7.74.0-r0 | 7.77.0-r0 |
| HIGH | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | curl | 7.74.0-r0 | 7.79.0-r0 |
| HIGH | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | curl | 7.74.0-r0 | 7.79.1-r1 |
| HIGH | CVE-2022-27775 | curl: bad local IPv6 connection reuse | curl | 7.74.0-r0 | 7.79.1-r1 |
| HIGH | CVE-2022-27781 | CERTINFO never-ending busy-loop | curl | 7.74.0-r0 | 7.79.1-r2 |
| HIGH | CVE-2022-27782 | TLS and SSH connection too eager reuse | curl | 7.74.0-r0 | 7.79.1-r2 |
| HIGH | CVE-2021-23840 | integer overflow in CipherUpdate | libcrypto1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
| HIGH | CVE-2021-3450 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libcrypto1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
| HIGH | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libcrypto1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
| HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libcrypto1.1 | 1.1.1i-r0 | 1.1.1n-r0 |
| HIGH | CVE-2021-22901 | curl: Use-after-free in TLS session handling when using OpenSSL TLS backend | libcurl | 7.74.0-r0 | 7.77.0-r0 |
| HIGH | CVE-2021-22946 | Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols | libcurl | 7.74.0-r0 | 7.79.0-r0 |
| HIGH | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | libcurl | 7.74.0-r0 | 7.79.1-r1 |
| HIGH | CVE-2022-27775 | curl: bad local IPv6 connection reuse | libcurl | 7.74.0-r0 | 7.79.1-r1 |
| HIGH | CVE-2022-27781 | CERTINFO never-ending busy-loop | libcurl | 7.74.0-r0 | 7.79.1-r2 |
| HIGH | CVE-2022-27782 | TLS and SSH connection too eager reuse | libcurl | 7.74.0-r0 | 7.79.1-r2 |
| HIGH | CVE-2020-36221 | openldap: Integer underflow in serialNumberAndIssuerCheck in schema_init.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36222 | openldap: Assertion failure in slapd in the saslAuthzTo validation | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36223 | openldap: Out-of-bounds read in Values Return Filter | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36224 | openldap: Invalid pointer free in the saslAuthzTo processing | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36225 | openldap: Double free in the saslAuthzTo processing | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36226 | openldap: Denial of service via length miscalculation in slap_parse_user | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36227 | openldap: Infinite loop in slapd with the cancel_extop Cancel operation | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36228 | openldap: Integer underflow in issuerAndThisUpdateCheck in schema_init.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36229 | openldap: Type confusion in ad_keystring in ad.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2020-36230 | openldap: Assertion failure in ber_next_element in decode.c | libldap | 2.4.56-r0 | 2.4.57-r0 |
| HIGH | CVE-2021-27212 | Assertion failure in slapd in the issuerAndThisUpdateCheck function | libldap | 2.4.56-r0 | 2.4.57-r1 |
| HIGH | CVE-2021-23214 | server processes unencrypted bytes from man-in-the-middle | libpq | 13.1-r2 | 13.5-r0 |
| HIGH | CVE-2021-32027 | postgresql: Buffer overrun from integer overflow in array subscripting calculations | libpq | 13.1-r2 | 13.3-r0 |
| HIGH | CVE-2022-1552 | Autovacuum, REINDEX, and others omit "security restricted operation" sandbox | libpq | 13.1-r2 | 13.7-r0 |
| HIGH | CVE-2022-2625 | Extension scripts replace objects not belonging to the extension. | libpq | 13.1-r2 | 13.8-r0 |
| HIGH | CVE-2023-2454 | schema_element defeats protective search_path changes | libpq | 13.1-r2 | 13.11-r0 |
| HIGH | CVE-2023-39417 | extension script @substitutions@ within quoting allow SQL injection | libpq | 13.1-r2 | 13.12-r0 |
| HIGH | CVE-2022-24407 | failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands | libsasl | 2.1.27-r10 | 2.1.28-r0 |
| HIGH | CVE-2021-23840 | integer overflow in CipherUpdate | libssl1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
| HIGH | CVE-2021-3450 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | libssl1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
| HIGH | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | libssl1.1 | 1.1.1i-r0 | 1.1.1l-r0 |
| HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libssl1.1 | 1.1.1i-r0 | 1.1.1n-r0 |
| HIGH | CVE-2021-3517 | libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c | libxml2 | 2.9.10-r6 | 2.9.10-r7 |
| HIGH | CVE-2021-3518 | libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c | libxml2 | 2.9.10-r6 | 2.9.10-r7 |
| HIGH | CVE-2022-2309 | lxml: NULL Pointer Dereference in lxml | libxml2 | 2.9.10-r6 | 2.9.14-r1 |
| HIGH | CVE-2022-23308 | Use-after-free of ID and IDREF attributes | libxml2 | 2.9.10-r6 | 2.9.13-r0 |
| HIGH | CVE-2022-40303 | integer overflows with XML_PARSE_HUGE | libxml2 | 2.9.10-r6 | 2.9.14-r2 |
| HIGH | CVE-2022-40304 | dict corruption caused by entity reference cycles | libxml2 | 2.9.10-r6 | 2.9.14-r2 |
| HIGH | CVE-2022-29458 | segfaulting OOB read | ncurses-libs | 6.2_p20210109-r0 | 6.2_p20210109-r1 |
| HIGH | CVE-2022-29458 | segfaulting OOB read | ncurses-terminfo-base | 6.2_p20210109-r0 | 6.2_p20210109-r1 |
| HIGH | CVE-2021-23840 | integer overflow in CipherUpdate | openssl | 1.1.1i-r0 | 1.1.1j-r0 |
| HIGH | CVE-2021-3450 | openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT | openssl | 1.1.1i-r0 | 1.1.1k-r0 |
| HIGH | CVE-2021-3712 | Read buffer overruns processing ASN.1 strings | openssl | 1.1.1i-r0 | 1.1.1l-r0 |
| HIGH | CVE-2022-0778 | Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl | 1.1.1i-r0 | 1.1.1n-r0 |
| HIGH | CVE-2021-28831 | invalid free or segmentation fault via malformed gzip data | ssl_client | 1.32.1-r2 | 1.32.1-r4 |
| HIGH | CVE-2021-42378 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42379 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42380 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42381 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42382 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42383 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42384 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42385 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2021-42386 | use-after-free in awk applet leads to denial of service and possibly code execution when processing | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| HIGH | CVE-2022-28391 | remote attackers may execute arbitrary code if netstat is used | ssl_client | 1.32.1-r2 | 1.32.1-r8 |
| HIGH | CVE-2022-30065 | busybox: A use-after-free in Busybox's awk applet leads to denial of service | ssl_client | 1.32.1-r2 | 1.32.1-r9 |
| HIGH | CVE-2022-1271 | arbitrary-file-write vulnerability | xz | 5.2.5-r0 | 5.2.5-r1 |
| HIGH | CVE-2022-1271 | arbitrary-file-write vulnerability | xz-libs | 5.2.5-r0 | 5.2.5-r1 |
| HIGH | CVE-2018-25032 | A flaw found in zlib when compressing (not decompressing) certain inputs | zlib | 1.2.11-r3 | 1.2.12-r0 |
| MEDIUM | CVE-2021-42374 | out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZM | busybox | 1.32.1-r2 | 1.32.1-r7 |
| MEDIUM | CVE-2021-42375 | incorrect handling of a special element in ash applet leads to denial of service when processing a c | busybox | 1.32.1-r2 | 1.32.1-r7 |
| MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | curl | 7.74.0-r0 | 7.76.0-r0 |
| MEDIUM | CVE-2021-22922 | Content not matching hash in Metalink is not being discarded | curl | 7.74.0-r0 | 7.78.0-r0 |
| MEDIUM | CVE-2021-22923 | Metalink download sends credentials | curl | 7.74.0-r0 | 7.78.0-r0 |
| MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | curl | 7.74.0-r0 | 7.78.0-r0 |
| MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | curl | 7.74.0-r0 | 7.79.0-r0 |
| MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | curl | 7.74.0-r0 | 7.79.1-r1 |
| MEDIUM | CVE-2022-27776 | curl: auth/cookie leak on redirect | curl | 7.74.0-r0 | 7.79.1-r1 |
| MEDIUM | CVE-2022-32205 | Set-Cookie denial of service | curl | 7.74.0-r0 | 7.79.1-r2 |
| MEDIUM | CVE-2022-32206 | HTTP compression denial of service | curl | 7.74.0-r0 | 7.79.1-r2 |
| MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | curl | 7.74.0-r0 | 7.79.1-r2 |
| MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libcrypto1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
| MEDIUM | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | libcrypto1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
| MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | libcrypto1.1 | 1.1.1i-r0 | 1.1.1q-r0 |
| MEDIUM | CVE-2021-22876 | curl: Leak of authentication credentials in URL via automatic Referer | libcurl | 7.74.0-r0 | 7.76.0-r0 |
| MEDIUM | CVE-2021-22922 | Content not matching hash in Metalink is not being discarded | libcurl | 7.74.0-r0 | 7.78.0-r0 |
| MEDIUM | CVE-2021-22923 | Metalink download sends credentials | libcurl | 7.74.0-r0 | 7.78.0-r0 |
| MEDIUM | CVE-2021-22925 | Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure | libcurl | 7.74.0-r0 | 7.78.0-r0 |
| MEDIUM | CVE-2021-22947 | Server responses received before STARTTLS processed after TLS handshake | libcurl | 7.74.0-r0 | 7.79.0-r0 |
| MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | libcurl | 7.74.0-r0 | 7.79.1-r1 |
| MEDIUM | CVE-2022-27776 | curl: auth/cookie leak on redirect | libcurl | 7.74.0-r0 | 7.79.1-r1 |
| MEDIUM | CVE-2022-32205 | Set-Cookie denial of service | libcurl | 7.74.0-r0 | 7.79.1-r2 |
| MEDIUM | CVE-2022-32206 | HTTP compression denial of service | libcurl | 7.74.0-r0 | 7.79.1-r2 |
| MEDIUM | CVE-2022-32208 | FTP-KRB bad message verification | libcurl | 7.74.0-r0 | 7.79.1-r2 |
| MEDIUM | CVE-2021-20229 | single-column SELECT privilege enables reading all columns | libpq | 13.1-r2 | 13.2-r0 |
| MEDIUM | CVE-2021-23222 | libpq processes unencrypted bytes from man-in-the-middle | libpq | 13.1-r2 | 13.5-r0 |
| MEDIUM | CVE-2021-32028 | postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE | libpq | 13.1-r2 | 13.3-r0 |
| MEDIUM | CVE-2021-32029 | postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING | libpq | 13.1-r2 | 13.3-r0 |
| MEDIUM | CVE-2021-3393 | postgresql: Partition constraint violation errors leak values of denied columns | libpq | 13.1-r2 | 13.2-r0 |
| MEDIUM | CVE-2021-3677 | memory disclosure in certain queries | libpq | 13.1-r2 | 13.4-r0 |
| MEDIUM | CVE-2023-2455 | row security policies disregard user ID changes after inlining. | libpq | 13.1-r2 | 13.11-r0 |
| MEDIUM | CVE-2023-39418 | MERGE fails to enforce UPDATE or SELECT row security policies | libpq | 13.1-r2 | 13.12-r0 |
| MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | libssl1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
| MEDIUM | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | libssl1.1 | 1.1.1i-r0 | 1.1.1k-r0 |
| MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | libssl1.1 | 1.1.1i-r0 | 1.1.1q-r0 |
| MEDIUM | CVE-2021-3537 | NULL pointer dereference when post-validating mixed content parsed in recovery mode | libxml2 | 2.9.10-r6 | 2.9.10-r7 |
| MEDIUM | CVE-2021-3541 | libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms | libxml2 | 2.9.10-r6 | 2.9.11-r0 |
| MEDIUM | CVE-2022-29824 | integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write | libxml2 | 2.9.10-r6 | 2.9.14-r0 |
| MEDIUM | CVE-2021-23841 | openssl: NULL pointer dereference in X509_issuer_and_serial_hash() | openssl | 1.1.1i-r0 | 1.1.1j-r0 |
| MEDIUM | CVE-2021-3449 | openssl: NULL pointer dereference in signature_algorithms processing | openssl | 1.1.1i-r0 | 1.1.1k-r0 |
| MEDIUM | CVE-2022-2097 | AES OCB fails to encrypt some bytes | openssl | 1.1.1i-r0 | 1.1.1q-r0 |
| MEDIUM | CVE-2021-42374 | out-of-bounds read in unlzma applet leads to information leak and denial of service when crafted LZM | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| MEDIUM | CVE-2021-42375 | incorrect handling of a special element in ash applet leads to denial of service when processing a c | ssl_client | 1.32.1-r2 | 1.32.1-r7 |
| MEDIUM | CVE-2021-20193 | tar: Memory leak in read_header() in list.c | tar | 1.33-r1 | 1.34-r0 |
| LOW | CVE-2021-22890 | curl: TLS 1.3 session ticket mix-up with HTTPS proxy host | curl | 7.74.0-r0 | 7.76.0-r0 |
| LOW | CVE-2021-22898 | TELNET stack contents disclosure | curl | 7.74.0-r0 | 7.77.0-r0 |
| LOW | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | curl | 7.74.0-r0 | 7.78.0-r0 |
| LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | curl | 7.74.0-r0 | 7.79.1-r3 |
| LOW | CVE-2021-23839 | openssl: incorrect SSLv2 rollback protection | libcrypto1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
| LOW | CVE-2021-22890 | curl: TLS 1.3 session ticket mix-up with HTTPS proxy host | libcurl | 7.74.0-r0 | 7.76.0-r0 |
| LOW | CVE-2021-22898 | TELNET stack contents disclosure | libcurl | 7.74.0-r0 | 7.77.0-r0 |
| LOW | CVE-2021-22924 | Bad connection reuse due to flawed path name checks | libcurl | 7.74.0-r0 | 7.78.0-r0 |
| LOW | CVE-2022-35252 | Incorrect handling of control code characters in cookies | libcurl | 7.74.0-r0 | 7.79.1-r3 |
| LOW | CVE-2022-41862 | Client memory disclosure when connecting with Kerberos to modified server | libpq | 13.1-r2 | 13.11-r0 |
| LOW | CVE-2021-23839 | openssl: incorrect SSLv2 rollback protection | libssl1.1 | 1.1.1i-r0 | 1.1.1j-r0 |
| LOW | CVE-2021-23839 | openssl: incorrect SSLv2 rollback protection | openssl | 1.1.1i-r0 | 1.1.1j-r0 |

Date: 2023-10-23