dockerhub.hi.inet evolved 5g certification umacsicnetapp umacsicnetapp netapp
Evolved5G edited this page Oct 31, 2023 · 3 revisions

Severity | Number of vulnerabilities |
---|---|
CRITICAL | 2 |
HIGH | 22 |
MEDIUM | 27 |
LOW | 75 |

Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
---|---|---|---|---|---|
CRITICAL | CVE-2019-8457 | heap out-of-bound read in function rtreenode() | libdb5.3 | 5.3.28+dfsg1-0.8 | |
CRITICAL | CVE-2023-45853 | integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 | zlib1g | 1:1.2.11.dfsg-2+deb11u2 | |
HIGH | CVE-2022-3715 | a heap-buffer-overflow in valid_parameter_transform | bash | 5.1-2+deb11u1 | |
HIGH | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | e2fsprogs | 1.46.2-2 | |
HIGH | CVE-2023-4911 | buffer overflow in ld.so leading to privilege escalation | libc-bin | 2.31-13+deb11u6 | 2.31-13+deb11u7 |
HIGH | CVE-2023-4911 | buffer overflow in ld.so leading to privilege escalation | libc6 | 2.31-13+deb11u6 | 2.31-13+deb11u7 |
HIGH | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libcom-err2 | 1.46.2-2 | |
HIGH | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libext2fs2 | 1.46.2-2 | |
HIGH | CVE-2021-33560 | mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack ag | libgcrypt20 | 1.8.7-6 | |
HIGH | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | libncursesw6 | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
HIGH | CVE-2021-31239 | denial of service via the appendvfs.c function | libsqlite3-0 | 3.34.1-3 | |
HIGH | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | libss2 | 1.46.2-2 | |
HIGH | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | libssl1.1 | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
HIGH | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | libtinfo6 | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
HIGH | CVE-2022-4899 | buffer overrun in util.c | libzstd1 | 1.4.8+dfsg-2.1 | |
HIGH | CVE-2022-1304 | out-of-bounds read/write via crafted filesystem | logsave | 1.46.2-2 | |
HIGH | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | ncurses-base | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
HIGH | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | ncurses-bin | 6.2+20201114-2+deb11u1 | 6.2+20201114-2+deb11u2 |
HIGH | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | openssl | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
HIGH | CVE-2020-16156 | Bypass of verification of signatures in CHECKSUMS files | perl-base | 5.32.1-4+deb11u2 | |
HIGH | CVE-2023-31484 | CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS | perl-base | 5.32.1-4+deb11u2 | |
HIGH | CVE-2023-37920 | Removal of e-Tugra root certificate | certifi | 2021.10.8 | 2023.7.22 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | cryptography | 38.0.4 | 39.0.1 |
HIGH | CVE-2022-40898 | remote attackers can cause denial of service via attacker controlled input to wheel cli | wheel | 0.36.2 | 0.38.1 |
MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | gcc-10-base | 10.2.1-6 | |
MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | gcc-9-base | 9.3.0-22 | |
MEDIUM | CVE-2023-4806 | potential use-after-free in getaddrinfo() | libc-bin | 2.31-13+deb11u6 | |
MEDIUM | CVE-2023-4813 | potential use-after-free in gaih_inet() | libc-bin | 2.31-13+deb11u6 | |
MEDIUM | CVE-2023-4806 | potential use-after-free in getaddrinfo() | libc6 | 2.31-13+deb11u6 | |
MEDIUM | CVE-2023-4813 | potential use-after-free in gaih_inet() | libc6 | 2.31-13+deb11u6 | |
MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | libgcc-s1 | 10.2.1-6 | |
MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libgssapi-krb5-2 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libk5crypto3 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libkrb5-3 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libkrb5support0 | 1.18.3-6+deb11u3 | 1.18.3-6+deb11u4 |
MEDIUM | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | libssl1.1 | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
MEDIUM | CVE-2023-0466 | Certificate policy check not enabled | libssl1.1 | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
MEDIUM | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | libssl1.1 | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
MEDIUM | CVE-2023-3446 | Excessive time spent checking DH keys and parameters | libssl1.1 | 1.1.1n-0+deb11u4 | 1.1.1v-0~deb11u1 |
MEDIUM | CVE-2023-3817 | Excessive time spent checking DH q parameter value | libssl1.1 | 1.1.1n-0+deb11u4 | 1.1.1v-0~deb11u1 |
MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | libstdc++6 | 10.2.1-6 | |
MEDIUM | CVE-2023-4641 | possible password leak during passwd(1) change | login | 1:4.8.1-1 | |
MEDIUM | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | openssl | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
MEDIUM | CVE-2023-0466 | Certificate policy check not enabled | openssl | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
MEDIUM | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | openssl | 1.1.1n-0+deb11u4 | 1.1.1n-0+deb11u5 |
MEDIUM | CVE-2023-3446 | Excessive time spent checking DH keys and parameters | openssl | 1.1.1n-0+deb11u4 | 1.1.1v-0~deb11u1 |
MEDIUM | CVE-2023-3817 | Excessive time spent checking DH q parameter value | openssl | 1.1.1n-0+deb11u4 | 1.1.1v-0~deb11u1 |
MEDIUM | CVE-2023-4641 | possible password leak during passwd(1) change | passwd | 1:4.8.1-1 | |
MEDIUM | CVE-2022-23491 | untrusted root certificates | certifi | 2021.10.8 | 2022.12.07 |
MEDIUM | CVE-2023-23931 | memory corruption via immutable objects | cryptography | 38.0.4 | 39.0.1 |
MEDIUM | CVE-2023-32681 | Unintended leak of Proxy-Authorization header | requests | 2.26.0 | 2.31.0 |
LOW | CVE-2011-3374 | It was found that apt-key in apt, all versions, do not correctly valid ... | apt | 2.2.4 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | bsdutils | 1:2.36.1-8+deb11u1 | |
LOW | CVE-2016-2781 | coreutils: Non-privileged session can escape to the parent session in chroot | coreutils | 8.32-4+b1 | |
LOW | CVE-2017-18018 | coreutils: race condition vulnerability in chown and chgrp | coreutils | 8.32-4+b1 | |
LOW | CVE-2022-3219 | denial of service issue (resource consumption) using compressed packets | gpgv | 2.2.27-2+deb11u2 | |
LOW | CVE-2011-3374 | It was found that apt-key in apt, all versions, do not correctly valid ... | libapt-pkg6.0 | 2.2.4 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libblkid1 | 2.36.1-8+deb11u1 | |
LOW | CVE-2010-4756 | glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2018-20796 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010022 | glibc: stack guard protection bypass | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010023 | glibc: running ldd on malicious ELF leads to code execution because of wrong size computation | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010024 | glibc: ASLR bypass using cache of thread stack and heap | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010025 | glibc: information disclosure of heap addresses of pthread_created thread | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2019-9192 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc-bin | 2.31-13+deb11u6 | |
LOW | CVE-2010-4756 | glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2018-20796 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010022 | glibc: stack guard protection bypass | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010023 | glibc: running ldd on malicious ELF leads to code execution because of wrong size computation | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010024 | glibc: ASLR bypass using cache of thread stack and heap | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2019-1010025 | glibc: information disclosure of heap addresses of pthread_created thread | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2019-9192 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc6 | 2.31-13+deb11u6 | |
LOW | CVE-2013-0340 | expat: internal entity expansion | libexpat1 | 2.2.10-2+deb11u5 | |
LOW | CVE-2018-6829 | libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintex | libgcrypt20 | 1.8.7-6 | |
LOW | CVE-2011-3389 | HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) | libgnutls30 | 3.7.1-5+deb11u3 | |
LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libgssapi-krb5-2 | 1.18.3-6+deb11u3 | |
LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libk5crypto3 | 1.18.3-6+deb11u3 | |
LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libkrb5-3 | 1.18.3-6+deb11u3 | |
LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libkrb5support0 | 1.18.3-6+deb11u3 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libmount1 | 2.36.1-8+deb11u1 | |
LOW | CVE-2022-41409 | Integer overflow vulnerability in pcre2test before 10.41 allows attack ... | libpcre2-8-0 | 10.36-2+deb11u1 | |
LOW | CVE-2017-11164 | OP_KETRMAX feature in the match function in pcre_exec.c | libpcre3 | 2:8.39-13 | |
LOW | CVE-2017-16231 | pcre: self-recursive call in match() in pcre_exec.c leads to denial of service | libpcre3 | 2:8.39-13 | |
LOW | CVE-2017-7245 | stack-based buffer overflow write in pcre32_copy_substring | libpcre3 | 2:8.39-13 | |
LOW | CVE-2017-7246 | stack-based buffer overflow write in pcre32_copy_substring | libpcre3 | 2:8.39-13 | |
LOW | CVE-2019-20838 | pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 | libpcre3 | 2:8.39-13 | |
LOW | CVE-2021-36084 | libsepol: use-after-free in __cil_verify_classperms() | libsepol1 | 3.1-1 | |
LOW | CVE-2021-36085 | libsepol: use-after-free in __cil_verify_classperms() | libsepol1 | 3.1-1 | |
LOW | CVE-2021-36086 | use-after-free in cil_reset_classpermission() | libsepol1 | 3.1-1 | |
LOW | CVE-2021-36087 | libsepol: heap-based buffer overflow in ebitmap_match_any() | libsepol1 | 3.1-1 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libsmartcols1 | 2.36.1-8+deb11u1 | |
LOW | CVE-2021-36690 | A segmentation fault can occur in the sqlite3.exe command-line compone ... | libsqlite3-0 | 3.34.1-3 | |
LOW | CVE-2021-45346 | sqlite: crafted SQL query allows a malicious user to obtain sensitive information | libsqlite3-0 | 3.34.1-3 | |
LOW | CVE-2022-35737 | an array-bounds overflow if billions of bytes are used in a string argument to a C API | libsqlite3-0 | 3.34.1-3 | |
LOW | CVE-2007-6755 | Dual_EC_DRBG: weak pseudo random number generator | libssl1.1 | 1.1.1n-0+deb11u4 | |
LOW | CVE-2010-0928 | openssl: RSA authentication weakness | libssl1.1 | 1.1.1n-0+deb11u4 | |
LOW | CVE-2013-4392 | TOCTOU race condition when updating file permissions and SELinux security contexts | libsystemd0 | 247.3-7+deb11u2 | |
LOW | CVE-2020-13529 | systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t | libsystemd0 | 247.3-7+deb11u2 | |
LOW | CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a seale ... | libsystemd0 | 247.3-7+deb11u2 | |
LOW | CVE-2023-31438 | An issue was discovered in systemd 253. An attacker can truncate a sea ... | libsystemd0 | 247.3-7+deb11u2 | |
LOW | CVE-2023-31439 | An issue was discovered in systemd 253. An attacker can modify the con ... | libsystemd0 | 247.3-7+deb11u2 | |
LOW | CVE-2013-4392 | TOCTOU race condition when updating file permissions and SELinux security contexts | libudev1 | 247.3-7+deb11u2 | |
LOW | CVE-2020-13529 | systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client t | libudev1 | 247.3-7+deb11u2 | |
LOW | CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a seale ... | libudev1 | 247.3-7+deb11u2 | |
LOW | CVE-2023-31438 | An issue was discovered in systemd 253. An attacker can truncate a sea ... | libudev1 | 247.3-7+deb11u2 | |
LOW | CVE-2023-31439 | An issue was discovered in systemd 253. An attacker can modify the con ... | libudev1 | 247.3-7+deb11u2 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libuuid1 | 2.36.1-8+deb11u1 | |
LOW | CVE-2007-5686 | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... | login | 1:4.8.1-1 | |
LOW | CVE-2013-4235 | shadow-utils: TOCTOU race conditions by copying and removing directory trees | login | 1:4.8.1-1 | |
LOW | CVE-2019-19882 | shadow-utils: local users can obtain root access because setuid programs are misconfigured | login | 1:4.8.1-1 | |
LOW | CVE-2023-29383 | Improper input validation in shadow-utils package utility chfn | login | 1:4.8.1-1 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | mount | 2.36.1-8+deb11u1 | |
LOW | CVE-2007-6755 | Dual_EC_DRBG: weak pseudo random number generator | openssl | 1.1.1n-0+deb11u4 | |
LOW | CVE-2010-0928 | openssl: RSA authentication weakness | openssl | 1.1.1n-0+deb11u4 | |
LOW | CVE-2007-5686 | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... | passwd | 1:4.8.1-1 | |
LOW | CVE-2013-4235 | shadow-utils: TOCTOU race conditions by copying and removing directory trees | passwd | 1:4.8.1-1 | |
LOW | CVE-2019-19882 | shadow-utils: local users can obtain root access because setuid programs are misconfigured | passwd | 1:4.8.1-1 | |
LOW | CVE-2023-29383 | Improper input validation in shadow-utils package utility chfn | passwd | 1:4.8.1-1 | |
LOW | CVE-2011-4116 | perl: File::Temp insecure temporary file handling | perl-base | 5.32.1-4+deb11u2 | |
LOW | CVE-2023-31486 | insecure TLS cert default | perl-base | 5.32.1-4+deb11u2 | |
LOW | CVE-2005-2541 | tar: does not properly warn the user when extracting setuid or setgid files | tar | 1.34+dfsg-1 | |
LOW | CVE-2022-48303 | heap buffer overflow at from_header() in list.c via specially crafted checksum | tar | 1.34+dfsg-1 | |
LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | util-linux | 2.36.1-8+deb11u1 | |
LOW | GHSA-5cpq-8wj7-hf2v | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.0 |
LOW | GHSA-jm77-qphf-c4w8 | pyca/cryptography's wheels include vulnerable OpenSSL | cryptography | 38.0.4 | 41.0.3 |
LOW | GHSA-v8gr-m533-ghj9 | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.4 |

Date: 2023-10-31