Skip to content

dockerhub.hi.inet evolved 5g validation umacsicnetapp umacsicnetapp angry_franklin

Evolved5G edited this page Jun 26, 2023 · 9 revisions

Scan of image: dockerhub.hi.inet/evolved-5g/validation/umacsicnetapp/umacsicnetapp-angry_franklin


Summary

Severity Number of vulnerabilities
CRITICAL 2
HIGH 30
MEDIUM 23
LOW 3

Vulnerabilities

Severity ID Title PkgName InstalledVersion FixedVersion
CRITICAL CVE-2023-23914 HSTS ignored on multiple requests curl 7.83.1-r4 7.83.1-r6
CRITICAL CVE-2023-23914 HSTS ignored on multiple requests libcurl 7.83.1-r5 7.83.1-r6
HIGH CVE-2022-43551 HSTS bypass via IDN curl 7.83.1-r4 7.83.1-r5
HIGH CVE-2023-27533 TELNET option IAC injection curl 7.83.1-r4 8.0.1-r0
HIGH CVE-2023-27534 SFTP path ~ resolving discrepancy curl 7.83.1-r4 8.0.1-r0
HIGH CVE-2023-27535 FTP too eager connection reuse curl 7.83.1-r4 8.0.1-r0
HIGH CVE-2023-28319 use after free in SSH sha256 fingerprint check curl 7.83.1-r4 8.1.0-r0
HIGH CVE-2023-23946 a path outside the working tree can be overwritten with crafted input git 2.36.4-r0 2.36.5-r0
HIGH CVE-2023-25652 by feeding specially crafted input to git apply --reject, a path outside the working tree can be o git 2.36.4-r0 2.36.6-r0
HIGH CVE-2023-29007 arbitrary configuration injection when renaming or deleting a section from a configuration file git 2.36.4-r0 2.36.6-r0
HIGH CVE-2022-4450 double free after calling PEM_read_bio_ex libcrypto1.1 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0215 use-after-free following BIO_new_NDEF libcrypto1.1 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0286 X.400 address type confusion in X.509 GeneralName libcrypto1.1 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0464 Denial of service by excessive resource usage in verifying X509 policy constraints libcrypto1.1 1.1.1s-r0 1.1.1t-r1
HIGH CVE-2023-2650 Possible DoS translating ASN.1 object identifiers libcrypto1.1 1.1.1s-r0 1.1.1u-r0
HIGH CVE-2023-27533 TELNET option IAC injection libcurl 7.83.1-r5 8.0.1-r0
HIGH CVE-2023-27534 SFTP path ~ resolving discrepancy libcurl 7.83.1-r5 8.0.1-r0
HIGH CVE-2023-27535 FTP too eager connection reuse libcurl 7.83.1-r5 8.0.1-r0
HIGH CVE-2023-28319 use after free in SSH sha256 fingerprint check libcurl 7.83.1-r5 8.1.0-r0
HIGH CVE-2022-4450 double free after calling PEM_read_bio_ex libssl1.1 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0215 use-after-free following BIO_new_NDEF libssl1.1 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0286 X.400 address type confusion in X.509 GeneralName libssl1.1 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0464 Denial of service by excessive resource usage in verifying X509 policy constraints libssl1.1 1.1.1s-r0 1.1.1t-r1
HIGH CVE-2023-2650 Possible DoS translating ASN.1 object identifiers libssl1.1 1.1.1s-r0 1.1.1u-r0
HIGH CVE-2023-29491 Local users can trigger security-relevant memory corruption via malformed data ncurses-libs 6.3_p20220521-r0 6.3_p20220521-r1
HIGH CVE-2023-29491 Local users can trigger security-relevant memory corruption via malformed data ncurses-terminfo-base 6.3_p20220521-r0 6.3_p20220521-r1
HIGH CVE-2022-4450 double free after calling PEM_read_bio_ex openssl 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0215 use-after-free following BIO_new_NDEF openssl 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0286 X.400 address type confusion in X.509 GeneralName openssl 1.1.1s-r0 1.1.1t-r0
HIGH CVE-2023-0464 Denial of service by excessive resource usage in verifying X509 policy constraints openssl 1.1.1s-r0 1.1.1t-r1
HIGH CVE-2023-2650 Possible DoS translating ASN.1 object identifiers openssl 1.1.1s-r0 1.1.1u-r0
HIGH CVE-2022-24894 Symfony is a PHP framework for web and console applications and a set ... symfony/http-kernel v5.4.12 2.5.0, 3.1.0, 3.2.0, 5.4.0, 2.6.0, 3.4.0, 2.3.0, 6.0.20, 4.4.0, 5.4.20, 3.3.0, 2.4.0, 4.2.0, 5.2.0, 6.1.12, 2.8.0, 4.0.0, 6.2.6, 2.1.0, 3.0.0, 4.4.50, 5.3.0, 4.3.0, 5.1.0, 2.2.0, 2.7.0, 4.1.0
MEDIUM CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response curl 7.83.1-r4 7.83.1-r5
MEDIUM CVE-2023-23915 HSTS amnesia with --parallel curl 7.83.1-r4 7.83.1-r6
MEDIUM CVE-2023-23916 HTTP multi-header compression denial of service curl 7.83.1-r4 7.83.1-r6
MEDIUM CVE-2023-27536 GSS delegation too eager connection re-use curl 7.83.1-r4 8.0.1-r0
MEDIUM CVE-2023-27537 curl: HSTS double-free curl 7.83.1-r4 8.0.1-r0
MEDIUM CVE-2023-27538 SSH connection too eager reuse still curl 7.83.1-r4 8.0.1-r0
MEDIUM CVE-2023-28320 siglongjmp race condition may lead to crash curl 7.83.1-r4 8.1.0-r0
MEDIUM CVE-2023-28321 IDN wildcard match may lead to Improper Cerificate Validation curl 7.83.1-r4 8.1.0-r0
MEDIUM CVE-2023-22490 data exfiltration with maliciously crafted repository git 2.36.4-r0 2.36.5-r0
MEDIUM CVE-2022-4304 timing attack in RSA Decryption implementation libcrypto1.1 1.1.1s-r0 1.1.1t-r0
MEDIUM CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored libcrypto1.1 1.1.1s-r0 1.1.1t-r2
MEDIUM CVE-2023-23915 HSTS amnesia with --parallel libcurl 7.83.1-r5 7.83.1-r6
MEDIUM CVE-2023-23916 HTTP multi-header compression denial of service libcurl 7.83.1-r5 7.83.1-r6
MEDIUM CVE-2023-27536 GSS delegation too eager connection re-use libcurl 7.83.1-r5 8.0.1-r0
MEDIUM CVE-2023-27537 curl: HSTS double-free libcurl 7.83.1-r5 8.0.1-r0
MEDIUM CVE-2023-27538 SSH connection too eager reuse still libcurl 7.83.1-r5 8.0.1-r0
MEDIUM CVE-2023-28320 siglongjmp race condition may lead to crash libcurl 7.83.1-r5 8.1.0-r0
MEDIUM CVE-2023-28321 IDN wildcard match may lead to Improper Cerificate Validation libcurl 7.83.1-r5 8.1.0-r0
MEDIUM CVE-2022-4304 timing attack in RSA Decryption implementation libssl1.1 1.1.1s-r0 1.1.1t-r0
MEDIUM CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored libssl1.1 1.1.1s-r0 1.1.1t-r2
MEDIUM CVE-2022-4304 timing attack in RSA Decryption implementation openssl 1.1.1s-r0 1.1.1t-r0
MEDIUM CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored openssl 1.1.1s-r0 1.1.1t-r2
MEDIUM CVE-2022-48303 heap buffer overflow at from_header() in list.c via specially crafted checksum tar 1.34-r0 1.34-r1
LOW CVE-2023-28322 more POST-after-PUT confusion curl 7.83.1-r4 8.1.0-r0
LOW CVE-2023-25815 malicious placement of crafted messages when git was compiled with runtime prefix git 2.36.4-r0 2.36.6-r0
LOW CVE-2023-28322 more POST-after-PUT confusion libcurl 7.83.1-r5 8.1.0-r0

Date: 2023-06-26