dockerhub.hi.inet evolved 5g validation umacsicnetapp umacsicnetapp angry_franklin
Evolved5G edited this page Jun 26, 2023 · 9 revisions

Severity | Number of vulnerabilities |
---|---|
CRITICAL | 2 |
HIGH | 30 |
MEDIUM | 23 |
LOW | 3 |

Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
---|---|---|---|---|---|
CRITICAL | CVE-2023-23914 | HSTS ignored on multiple requests | curl | 7.83.1-r4 | 7.83.1-r6 |
CRITICAL | CVE-2023-23914 | HSTS ignored on multiple requests | libcurl | 7.83.1-r5 | 7.83.1-r6 |
HIGH | CVE-2022-43551 | HSTS bypass via IDN | curl | 7.83.1-r4 | 7.83.1-r5 |
HIGH | CVE-2023-27533 | TELNET option IAC injection | curl | 7.83.1-r4 | 8.0.1-r0 |
HIGH | CVE-2023-27534 | SFTP path ~ resolving discrepancy | curl | 7.83.1-r4 | 8.0.1-r0 |
HIGH | CVE-2023-27535 | FTP too eager connection reuse | curl | 7.83.1-r4 | 8.0.1-r0 |
HIGH | CVE-2023-28319 | use after free in SSH sha256 fingerprint check | curl | 7.83.1-r4 | 8.1.0-r0 |
HIGH | CVE-2023-23946 | a path outside the working tree can be overwritten with crafted input | git | 2.36.4-r0 | 2.36.5-r0 |
HIGH | CVE-2023-25652 | by feeding specially crafted input to git apply --reject, a path outside the working tree can be o | git | 2.36.4-r0 | 2.36.6-r0 |
HIGH | CVE-2023-29007 | arbitrary configuration injection when renaming or deleting a section from a configuration file | git | 2.36.4-r0 | 2.36.6-r0 |
HIGH | CVE-2022-4450 | double free after calling PEM_read_bio_ex | libcrypto1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0215 | use-after-free following BIO_new_NDEF | libcrypto1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | libcrypto1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | libcrypto1.1 | 1.1.1s-r0 | 1.1.1t-r1 |
HIGH | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | libcrypto1.1 | 1.1.1s-r0 | 1.1.1u-r0 |
HIGH | CVE-2023-27533 | TELNET option IAC injection | libcurl | 7.83.1-r5 | 8.0.1-r0 |
HIGH | CVE-2023-27534 | SFTP path ~ resolving discrepancy | libcurl | 7.83.1-r5 | 8.0.1-r0 |
HIGH | CVE-2023-27535 | FTP too eager connection reuse | libcurl | 7.83.1-r5 | 8.0.1-r0 |
HIGH | CVE-2023-28319 | use after free in SSH sha256 fingerprint check | libcurl | 7.83.1-r5 | 8.1.0-r0 |
HIGH | CVE-2022-4450 | double free after calling PEM_read_bio_ex | libssl1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0215 | use-after-free following BIO_new_NDEF | libssl1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | libssl1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | libssl1.1 | 1.1.1s-r0 | 1.1.1t-r1 |
HIGH | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | libssl1.1 | 1.1.1s-r0 | 1.1.1u-r0 |
HIGH | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | ncurses-libs | 6.3_p20220521-r0 | 6.3_p20220521-r1 |
HIGH | CVE-2023-29491 | Local users can trigger security-relevant memory corruption via malformed data | ncurses-terminfo-base | 6.3_p20220521-r0 | 6.3_p20220521-r1 |
HIGH | CVE-2022-4450 | double free after calling PEM_read_bio_ex | openssl | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0215 | use-after-free following BIO_new_NDEF | openssl | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | openssl | 1.1.1s-r0 | 1.1.1t-r0 |
HIGH | CVE-2023-0464 | Denial of service by excessive resource usage in verifying X509 policy constraints | openssl | 1.1.1s-r0 | 1.1.1t-r1 |
HIGH | CVE-2023-2650 | Possible DoS translating ASN.1 object identifiers | openssl | 1.1.1s-r0 | 1.1.1u-r0 |
HIGH | CVE-2022-24894 | Symfony is a PHP framework for web and console applications and a set ... | symfony/http-kernel | v5.4.12 | 2.5.0, 3.1.0, 3.2.0, 5.4.0, 2.6.0, 3.4.0, 2.3.0, 6.0.20, 4.4.0, 5.4.20, 3.3.0, 2.4.0, 4.2.0, 5.2.0, 6.1.12, 2.8.0, 4.0.0, 6.2.6, 2.1.0, 3.0.0, 4.4.50, 5.3.0, 4.3.0, 5.1.0, 2.2.0, 2.7.0, 4.1.0 |
MEDIUM | CVE-2022-43552 | Use-after-free triggered by an HTTP proxy deny response | curl | 7.83.1-r4 | 7.83.1-r5 |
MEDIUM | CVE-2023-23915 | HSTS amnesia with --parallel | curl | 7.83.1-r4 | 7.83.1-r6 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | curl | 7.83.1-r4 | 7.83.1-r6 |
MEDIUM | CVE-2023-27536 | GSS delegation too eager connection re-use | curl | 7.83.1-r4 | 8.0.1-r0 |
MEDIUM | CVE-2023-27537 | curl: HSTS double-free | curl | 7.83.1-r4 | 8.0.1-r0 |
MEDIUM | CVE-2023-27538 | SSH connection too eager reuse still | curl | 7.83.1-r4 | 8.0.1-r0 |
MEDIUM | CVE-2023-28320 | siglongjmp race condition may lead to crash | curl | 7.83.1-r4 | 8.1.0-r0 |
MEDIUM | CVE-2023-28321 | IDN wildcard match may lead to Improper Cerificate Validation | curl | 7.83.1-r4 | 8.1.0-r0 |
MEDIUM | CVE-2023-22490 | data exfiltration with maliciously crafted repository | git | 2.36.4-r0 | 2.36.5-r0 |
MEDIUM | CVE-2022-4304 | timing attack in RSA Decryption implementation | libcrypto1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
MEDIUM | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | libcrypto1.1 | 1.1.1s-r0 | 1.1.1t-r2 |
MEDIUM | CVE-2023-23915 | HSTS amnesia with --parallel | libcurl | 7.83.1-r5 | 7.83.1-r6 |
MEDIUM | CVE-2023-23916 | HTTP multi-header compression denial of service | libcurl | 7.83.1-r5 | 7.83.1-r6 |
MEDIUM | CVE-2023-27536 | GSS delegation too eager connection re-use | libcurl | 7.83.1-r5 | 8.0.1-r0 |
MEDIUM | CVE-2023-27537 | curl: HSTS double-free | libcurl | 7.83.1-r5 | 8.0.1-r0 |
MEDIUM | CVE-2023-27538 | SSH connection too eager reuse still | libcurl | 7.83.1-r5 | 8.0.1-r0 |
MEDIUM | CVE-2023-28320 | siglongjmp race condition may lead to crash | libcurl | 7.83.1-r5 | 8.1.0-r0 |
MEDIUM | CVE-2023-28321 | IDN wildcard match may lead to Improper Cerificate Validation | libcurl | 7.83.1-r5 | 8.1.0-r0 |
MEDIUM | CVE-2022-4304 | timing attack in RSA Decryption implementation | libssl1.1 | 1.1.1s-r0 | 1.1.1t-r0 |
MEDIUM | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | libssl1.1 | 1.1.1s-r0 | 1.1.1t-r2 |
MEDIUM | CVE-2022-4304 | timing attack in RSA Decryption implementation | openssl | 1.1.1s-r0 | 1.1.1t-r0 |
MEDIUM | CVE-2023-0465 | Invalid certificate policies in leaf certificates are silently ignored | openssl | 1.1.1s-r0 | 1.1.1t-r2 |
MEDIUM | CVE-2022-48303 | heap buffer overflow at from_header() in list.c via specially crafted checksum | tar | 1.34-r0 | 1.34-r1 |
LOW | CVE-2023-28322 | more POST-after-PUT confusion | curl | 7.83.1-r4 | 8.1.0-r0 |
LOW | CVE-2023-25815 | malicious placement of crafted messages when git was compiled with runtime prefix | git | 2.36.4-r0 | 2.36.6-r0 |
LOW | CVE-2023-28322 | more POST-after-PUT confusion | libcurl | 7.83.1-r5 | 8.1.0-r0 |
Date: 2023-06-26