dockerhub.hi.inet evolved 5g validation umacsicnetapp umacsicnetapp netapp
Evolved5G edited this page Sep 26, 2023
| Severity | Number of vulnerabilities |
|---|---|
| HIGH | 6 |
| MEDIUM | 20 |
| LOW | 62 |

| Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
|---|---|---|---|---|---|
| HIGH | CVE-2023-4806 | potential use-after-free in getaddrinfo() | libc-bin | 2.36-9+deb12u1 | |
| HIGH | CVE-2023-4806 | potential use-after-free in getaddrinfo() | libc6 | 2.36-9+deb12u1 | |
| HIGH | CVE-2023-31484 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS | perl-base | 5.36.0-7 | |
| HIGH | CVE-2023-37920 | Removal of e-Tugra root certificate | certifi | 2021.10.8 | 2023.7.22 |
| HIGH | CVE-2023-0286 | X.400 address type confusion in X.509 GeneralName | cryptography | 38.0.4 | 39.0.1 |
| HIGH | CVE-2022-40898 | remote attackers can cause denial of service via attacker controlled input to wheel cli | wheel | 0.36.2 | 0.38.1 |
| MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | gcc-12-base | 12.2.0-14 | |
| MEDIUM | CVE-2023-4527 | Stack read overflow in getaddrinfo in no-aaaa mode | libc-bin | 2.36-9+deb12u1 | |
| MEDIUM | CVE-2023-4527 | Stack read overflow in getaddrinfo in no-aaaa mode | libc6 | 2.36-9+deb12u1 | |
| MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | libgcc-s1 | 12.2.0-14 | |
| MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libgssapi-krb5-2 | 1.20.1-2 | |
| MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libk5crypto3 | 1.20.1-2 | |
| MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libkrb5-3 | 1.20.1-2 | |
| MEDIUM | CVE-2023-36054 | Denial of service through freeing uninitialized pointer | libkrb5support0 | 1.20.1-2 | |
| MEDIUM | CVE-2023-2975 | AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries | libssl3 | 3.0.9-1 | |
| MEDIUM | CVE-2023-3446 | Excessive time spent checking DH keys and parameters | libssl3 | 3.0.9-1 | |
| MEDIUM | CVE-2023-3817 | Excessive time spent checking DH q parameter value | libssl3 | 3.0.9-1 | |
| MEDIUM | CVE-2023-4039 | -fstack-protector fails to guard dynamic stack allocations on ARM64 | libstdc++6 | 12.2.0-14 | |
| MEDIUM | CVE-2023-4641 | possible password leak during passwd(1) change | login | 1:4.13+dfsg1-1+b1 | |
| MEDIUM | CVE-2023-2975 | AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries | openssl | 3.0.9-1 | |
| MEDIUM | CVE-2023-3446 | Excessive time spent checking DH keys and parameters | openssl | 3.0.9-1 | |
| MEDIUM | CVE-2023-3817 | Excessive time spent checking DH q parameter value | openssl | 3.0.9-1 | |
| MEDIUM | CVE-2023-4641 | possible password leak during passwd(1) change | passwd | 1:4.13+dfsg1-1+b1 | |
| MEDIUM | CVE-2022-23491 | untrusted root certificates | certifi | 2021.10.8 | 2022.12.07 |
| MEDIUM | CVE-2023-23931 | memory corruption via immutable objects | cryptography | 38.0.4 | 39.0.1 |
| MEDIUM | CVE-2023-32681 | Unintended leak of Proxy-Authorization header | requests | 2.26.0 | 2.31.0 |
| LOW | CVE-2011-3374 | It was found that apt-key in apt, all versions, do not correctly valid ... | apt | 2.6.1 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | bsdutils | 1:2.38.1-5+b1 | |
| LOW | CVE-2016-2781 | coreutils: Non-privileged session can escape to the parent session in chroot | coreutils | 9.1-1 | |
| LOW | CVE-2017-18018 | coreutils: race condition vulnerability in chown and chgrp | coreutils | 9.1-1 | |
| LOW | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | gcc-12-base | 12.2.0-14 | |
| LOW | CVE-2022-3219 | denial of service issue (resource consumption) using compressed packets | gpgv | 2.2.40-1.1 | |
| LOW | CVE-2011-3374 | It was found that apt-key in apt, all versions, do not correctly valid ... | libapt-pkg6.0 | 2.6.1 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libblkid1 | 2.38.1-5+b1 | |
| LOW | CVE-2010-4756 | glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2018-20796 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010022 | glibc: stack guard protection bypass | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010023 | glibc: running ldd on malicious ELF leads to code execution because of wrong size computation | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010024 | glibc: ASLR bypass using cache of thread stack and heap | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010025 | glibc: information disclosure of heap addresses of pthread_created thread | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2019-9192 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc-bin | 2.36-9+deb12u1 | |
| LOW | CVE-2010-4756 | glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expres | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2018-20796 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010022 | glibc: stack guard protection bypass | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010023 | glibc: running ldd on malicious ELF leads to code execution because of wrong size computation | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010024 | glibc: ASLR bypass using cache of thread stack and heap | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2019-1010025 | glibc: information disclosure of heap addresses of pthread_created thread | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2019-9192 | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c | libc6 | 2.36-9+deb12u1 | |
| LOW | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | libgcc-s1 | 12.2.0-14 | |
| LOW | CVE-2018-6829 | libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintex | libgcrypt20 | 1.10.1-3 | |
| LOW | CVE-2011-3389 | HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) | libgnutls30 | 3.7.9-2 | |
| LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libgssapi-krb5-2 | 1.20.1-2 | |
| LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libk5crypto3 | 1.20.1-2 | |
| LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libkrb5-3 | 1.20.1-2 | |
| LOW | CVE-2018-5709 | krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c | libkrb5support0 | 1.20.1-2 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libmount1 | 2.38.1-5+b1 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libsmartcols1 | 2.38.1-5+b1 | |
| LOW | CVE-2021-45346 | sqlite: crafted SQL query allows a malicious user to obtain sensitive information | libsqlite3-0 | 3.40.1-2 | |
| LOW | CVE-2007-6755 | Dual_EC_DRBG: weak pseudo random number generator | libssl3 | 3.0.9-1 | |
| LOW | CVE-2010-0928 | openssl: RSA authentication weakness | libssl3 | 3.0.9-1 | |
| LOW | CVE-2022-27943 | libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const | libstdc++6 | 12.2.0-14 | |
| LOW | CVE-2013-4392 | TOCTOU race condition when updating file permissions and SELinux security contexts | libsystemd0 | 252.12-1~deb12u1 | |
| LOW | CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a seale ... | libsystemd0 | 252.12-1~deb12u1 | |
| LOW | CVE-2023-31438 | An issue was discovered in systemd 253. An attacker can truncate a sea ... | libsystemd0 | 252.12-1~deb12u1 | |
| LOW | CVE-2023-31439 | An issue was discovered in systemd 253. An attacker can modify the con ... | libsystemd0 | 252.12-1~deb12u1 | |
| LOW | CVE-2013-4392 | TOCTOU race condition when updating file permissions and SELinux security contexts | libudev1 | 252.12-1~deb12u1 | |
| LOW | CVE-2023-31437 | An issue was discovered in systemd 253. An attacker can modify a seale ... | libudev1 | 252.12-1~deb12u1 | |
| LOW | CVE-2023-31438 | An issue was discovered in systemd 253. An attacker can truncate a sea ... | libudev1 | 252.12-1~deb12u1 | |
| LOW | CVE-2023-31439 | An issue was discovered in systemd 253. An attacker can modify the con ... | libudev1 | 252.12-1~deb12u1 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | libuuid1 | 2.38.1-5+b1 | |
| LOW | CVE-2007-5686 | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... | login | 1:4.13+dfsg1-1+b1 | |
| LOW | CVE-2019-19882 | shadow-utils: local users can obtain root access because setuid programs are misconfigured | login | 1:4.13+dfsg1-1+b1 | |
| LOW | CVE-2023-29383 | Improper input validation in shadow-utils package utility chfn | login | 1:4.13+dfsg1-1+b1 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | mount | 2.38.1-5+b1 | |
| LOW | CVE-2007-6755 | Dual_EC_DRBG: weak pseudo random number generator | openssl | 3.0.9-1 | |
| LOW | CVE-2010-0928 | openssl: RSA authentication weakness | openssl | 3.0.9-1 | |
| LOW | CVE-2007-5686 | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... | passwd | 1:4.13+dfsg1-1+b1 | |
| LOW | CVE-2019-19882 | shadow-utils: local users can obtain root access because setuid programs are misconfigured | passwd | 1:4.13+dfsg1-1+b1 | |
| LOW | CVE-2023-29383 | Improper input validation in shadow-utils package utility chfn | passwd | 1:4.13+dfsg1-1+b1 | |
| LOW | CVE-2011-4116 | perl: File::Temp insecure temporary file handling | perl-base | 5.36.0-7 | |
| LOW | CVE-2023-31486 | insecure TLS cert default | perl-base | 5.36.0-7 | |
| LOW | CVE-2005-2541 | tar: does not properly warn the user when extracting setuid or setgid files | tar | 1.34+dfsg-1.2 | |
| LOW | CVE-2022-48303 | heap buffer overflow at from_header() in list.c via specially crafted checksum | tar | 1.34+dfsg-1.2 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | util-linux | 2.38.1-5+b1 | |
| LOW | CVE-2022-0563 | partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline | util-linux-extra | 2.38.1-5+b1 | |
| LOW | GHSA-5cpq-8wj7-hf2v | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.0 |
| LOW | GHSA-jm77-qphf-c4w8 | pyca/cryptography's wheels include vulnerable OpenSSL | cryptography | 38.0.4 | 41.0.3 |
| LOW | GHSA-v8gr-m533-ghj9 | Vulnerable OpenSSL included in cryptography wheels | cryptography | 38.0.4 | 41.0.4 |

Date: 2023-09-26