Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
FROM node:19.4.0-bullseye-slim | ||
FROM node:19.3.0-bullseye-slim | ||
Check notice Code scanning / Trivy It was found that apt-key in apt, all versions, do not correctly valid ... Low
Package: apt
Installed Version: 2.2.4 Vulnerability CVE-2011-3374 Severity: LOW Fixed Version: Link: CVE-2011-3374 Check failure Code scanning / Trivy bash: a heap-buffer-overflow in valid_parameter_transform High
Package: bash
Installed Version: 5.1-2+deb11u1 Vulnerability CVE-2022-3715 Severity: HIGH Fixed Version: Link: CVE-2022-3715 Check notice Code scanning / Trivy [Privilege escalation possible to other user than root] Low
Package: bash
Installed Version: 5.1-2+deb11u1 Vulnerability TEMP-0841856-B18BAF Severity: LOW Fixed Version: Link: TEMP-0841856-B18BAF Check failure Code scanning / Trivy util-linux: CVE-2024-28085: wall: escape sequence injection High
Package: bsdutils
Installed Version: 1:2.36.1-8+deb11u1 Vulnerability CVE-2024-28085 Severity: HIGH Fixed Version: 2.36.1-8+deb11u2 Link: CVE-2024-28085 Check notice Code scanning / Trivy util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline Low
Package: bsdutils
Installed Version: 1:2.36.1-8+deb11u1 Vulnerability CVE-2022-0563 Severity: LOW Fixed Version: Link: CVE-2022-0563 Check notice Code scanning / Trivy coreutils: Non-privileged session can escape to the parent session in chroot Low
Package: coreutils
Installed Version: 8.32-4+b1 Vulnerability CVE-2016-2781 Severity: LOW Fixed Version: Link: CVE-2016-2781 Check notice Code scanning / Trivy coreutils: race condition vulnerability in chown and chgrp Low
Package: coreutils
Installed Version: 8.32-4+b1 Vulnerability CVE-2017-18018 Severity: LOW Fixed Version: Link: CVE-2017-18018 Check failure Code scanning / Trivy e2fsprogs: out-of-bounds read/write via crafted filesystem High
Package: e2fsprogs
Installed Version: 1.46.2-2 Vulnerability CVE-2022-1304 Severity: HIGH Fixed Version: 1.46.2-2+deb11u1 Link: CVE-2022-1304 Check notice Code scanning / Trivy gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 Low
Package: gcc-10-base
Installed Version: 10.2.1-6 Vulnerability CVE-2023-4039 Severity: LOW Fixed Version: Link: CVE-2023-4039 Check notice Code scanning / Trivy gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 Low
Package: gcc-9-base
Installed Version: 9.3.0-22 Vulnerability CVE-2023-4039 Severity: LOW Fixed Version: Link: CVE-2023-4039 Check notice Code scanning / Trivy gnupg: denial of service issue (resource consumption) using compressed packets Low
Package: gpgv
Installed Version: 2.2.27-2+deb11u2 Vulnerability CVE-2022-3219 Severity: LOW Fixed Version: Link: CVE-2022-3219 Check notice Code scanning / Trivy It was found that apt-key in apt, all versions, do not correctly valid ... Low
Package: libapt-pkg6.0
Installed Version: 2.2.4 Vulnerability CVE-2011-3374 Severity: LOW Fixed Version: Link: CVE-2011-3374 Check failure Code scanning / Trivy util-linux: CVE-2024-28085: wall: escape sequence injection High
Package: libblkid1
Installed Version: 2.36.1-8+deb11u1 Vulnerability CVE-2024-28085 Severity: HIGH Fixed Version: 2.36.1-8+deb11u2 Link: CVE-2024-28085 Check notice Code scanning / Trivy util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline Low
Package: libblkid1
Installed Version: 2.36.1-8+deb11u1 Vulnerability CVE-2022-0563 Severity: LOW Fixed Version: Link: CVE-2022-0563 Check failure Code scanning / Trivy glibc: buffer overflow in ld.so leading to privilege escalation High
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2023-4911 Severity: HIGH Fixed Version: 2.31-13+deb11u7 Link: CVE-2023-4911 Check failure Code scanning / Trivy glibc: Out of bounds write in iconv may lead to remote code execution High
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-2961 Severity: HIGH Fixed Version: 2.31-13+deb11u9 Link: CVE-2024-2961 Check failure Code scanning / Trivy glibc: stack-based buffer overflow in netgroup cache High
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33599 Severity: HIGH Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33599 Check warning Code scanning / Trivy glibc: potential use-after-free in getaddrinfo() Medium
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2023-4806 Severity: MEDIUM Fixed Version: Link: CVE-2023-4806 Check warning Code scanning / Trivy glibc: potential use-after-free in gaih_inet() Medium
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2023-4813 Severity: MEDIUM Fixed Version: Link: CVE-2023-4813 Check warning Code scanning / Trivy glibc: null pointer dereferences after failed netgroup cache insertion Medium
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33600 Severity: MEDIUM Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33600 Check warning Code scanning / Trivy glibc: netgroup cache may terminate daemon on memory allocation failure Medium
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33601 Severity: MEDIUM Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33601 Check warning Code scanning / Trivy glibc: netgroup cache assumes NSS callback uses in-buffer strings Medium
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33602 Severity: MEDIUM Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33602 Check notice Code scanning / Trivy glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2010-4756 Severity: LOW Fixed Version: Link: CVE-2010-4756 Check notice Code scanning / Trivy glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2018-20796 Severity: LOW Fixed Version: Link: CVE-2018-20796 Check notice Code scanning / Trivy glibc: stack guard protection bypass Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010022 Severity: LOW Fixed Version: Link: CVE-2019-1010022 Check notice Code scanning / Trivy glibc: running ldd on malicious ELF leads to code execution because of wrong size computation Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010023 Severity: LOW Fixed Version: Link: CVE-2019-1010023 Check notice Code scanning / Trivy glibc: ASLR bypass using cache of thread stack and heap Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010024 Severity: LOW Fixed Version: Link: CVE-2019-1010024 Check notice Code scanning / Trivy glibc: information disclosure of heap addresses of pthread_created thread Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010025 Severity: LOW Fixed Version: Link: CVE-2019-1010025 Check notice Code scanning / Trivy glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c Low
Package: libc-bin
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-9192 Severity: LOW Fixed Version: Link: CVE-2019-9192 Check failure Code scanning / Trivy glibc: buffer overflow in ld.so leading to privilege escalation High
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2023-4911 Severity: HIGH Fixed Version: 2.31-13+deb11u7 Link: CVE-2023-4911 Check failure Code scanning / Trivy glibc: Out of bounds write in iconv may lead to remote code execution High
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-2961 Severity: HIGH Fixed Version: 2.31-13+deb11u9 Link: CVE-2024-2961 Check failure Code scanning / Trivy glibc: stack-based buffer overflow in netgroup cache High
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33599 Severity: HIGH Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33599 Check warning Code scanning / Trivy glibc: potential use-after-free in getaddrinfo() Medium
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2023-4806 Severity: MEDIUM Fixed Version: Link: CVE-2023-4806 Check warning Code scanning / Trivy glibc: potential use-after-free in gaih_inet() Medium
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2023-4813 Severity: MEDIUM Fixed Version: Link: CVE-2023-4813 Check warning Code scanning / Trivy glibc: null pointer dereferences after failed netgroup cache insertion Medium
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33600 Severity: MEDIUM Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33600 Check warning Code scanning / Trivy glibc: netgroup cache may terminate daemon on memory allocation failure Medium
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33601 Severity: MEDIUM Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33601 Check warning Code scanning / Trivy glibc: netgroup cache assumes NSS callback uses in-buffer strings Medium
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2024-33602 Severity: MEDIUM Fixed Version: 2.31-13+deb11u10 Link: CVE-2024-33602 Check notice Code scanning / Trivy glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2010-4756 Severity: LOW Fixed Version: Link: CVE-2010-4756 Check notice Code scanning / Trivy glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2018-20796 Severity: LOW Fixed Version: Link: CVE-2018-20796 Check notice Code scanning / Trivy glibc: stack guard protection bypass Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010022 Severity: LOW Fixed Version: Link: CVE-2019-1010022 Check notice Code scanning / Trivy glibc: running ldd on malicious ELF leads to code execution because of wrong size computation Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010023 Severity: LOW Fixed Version: Link: CVE-2019-1010023 Check notice Code scanning / Trivy glibc: ASLR bypass using cache of thread stack and heap Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010024 Severity: LOW Fixed Version: Link: CVE-2019-1010024 Check notice Code scanning / Trivy glibc: information disclosure of heap addresses of pthread_created thread Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-1010025 Severity: LOW Fixed Version: Link: CVE-2019-1010025 Check notice Code scanning / Trivy glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c Low
Package: libc6
Installed Version: 2.31-13+deb11u5 Vulnerability CVE-2019-9192 Severity: LOW Fixed Version: Link: CVE-2019-9192 Check failure Code scanning / Trivy e2fsprogs: out-of-bounds read/write via crafted filesystem High
Package: libcom-err2
Installed Version: 1.46.2-2 Vulnerability CVE-2022-1304 Severity: HIGH Fixed Version: 1.46.2-2+deb11u1 Link: CVE-2022-1304 Check failure Code scanning / Trivy sqlite: heap out-of-bound read in function rtreenode() Critical
Package: libdb5.3
Installed Version: 5.3.28+dfsg1-0.8 Vulnerability CVE-2019-8457 Severity: CRITICAL Fixed Version: Link: CVE-2019-8457 Check failure Code scanning / Trivy e2fsprogs: out-of-bounds read/write via crafted filesystem High
Package: libext2fs2
Installed Version: 1.46.2-2 Vulnerability CVE-2022-1304 Severity: HIGH Fixed Version: 1.46.2-2+deb11u1 Link: CVE-2022-1304 Check notice Code scanning / Trivy gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 Low
Package: libgcc-s1
Installed Version: 10.2.1-6 Vulnerability CVE-2023-4039 Severity: LOW Fixed Version: Link: CVE-2023-4039 Check failure Code scanning / Trivy libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm High
Package: libgcrypt20
Installed Version: 1.8.7-6 Vulnerability CVE-2021-33560 Severity: HIGH Fixed Version: Link: CVE-2021-33560 Check warning Code scanning / Trivy libgcrypt: vulnerable to Marvin Attack Medium
Package: libgcrypt20
Installed Version: 1.8.7-6 Vulnerability CVE-2024-2236 Severity: MEDIUM Fixed Version: Link: CVE-2024-2236 Check notice Code scanning / Trivy libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information Low
Package: libgcrypt20
Installed Version: 1.8.7-6 Vulnerability CVE-2018-6829 Severity: LOW Fixed Version: Link: CVE-2018-6829 Check failure Code scanning / Trivy gnutls: timing side-channel in the TLS RSA key exchange code High
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2023-0361 Severity: HIGH Fixed Version: 3.7.1-5+deb11u3 Link: CVE-2023-0361 Check failure Code scanning / Trivy gnutls: incomplete fix for CVE-2023-5981 High
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2024-0553 Severity: HIGH Fixed Version: 3.7.1-5+deb11u5 Link: CVE-2024-0553 Check failure Code scanning / Trivy gnutls: rejects certificate chain with distributed trust High
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2024-0567 Severity: HIGH Fixed Version: 3.7.1-5+deb11u5 Link: CVE-2024-0567 Check warning Code scanning / Trivy gnutls: timing side-channel in the RSA-PSK authentication Medium
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2023-5981 Severity: MEDIUM Fixed Version: 3.7.1-5+deb11u4 Link: CVE-2023-5981 Check warning Code scanning / Trivy gnutls: vulnerable to Minerva side-channel information leak Medium
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2024-28834 Severity: MEDIUM Fixed Version: 3.7.1-5+deb11u6 Link: CVE-2024-28834 Check warning Code scanning / Trivy gnutls: potential crash during chain building/verification Medium
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2024-28835 Severity: MEDIUM Fixed Version: 3.7.1-5+deb11u6 Link: CVE-2024-28835 Check notice Code scanning / Trivy HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) Low
Package: libgnutls30
Installed Version: 3.7.1-5+deb11u2 Vulnerability CVE-2011-3389 Severity: LOW Fixed Version: Link: CVE-2011-3389 Check failure Code scanning / Trivy krb5: GSS message token handling Critical
Package: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37371 Severity: CRITICAL Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37371 Check failure Code scanning / Trivy krb5: GSS message token handling High
Package: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37370 Severity: HIGH Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37370 Check warning Code scanning / Trivy krb5: Denial of service through freeing uninitialized pointer Medium
Package: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2023-36054 Severity: MEDIUM Fixed Version: 1.18.3-6+deb11u4 Link: CVE-2023-36054 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Low
Package: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26458 Severity: LOW Fixed Version: Link: CVE-2024-26458 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Low
Package: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26461 Severity: LOW Fixed Version: Link: CVE-2024-26461 Check notice Code scanning / Trivy krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c Low
Package: libgssapi-krb5-2
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2018-5709 Severity: LOW Fixed Version: Link: CVE-2018-5709 Check failure Code scanning / Trivy krb5: GSS message token handling Critical
Package: libk5crypto3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37371 Severity: CRITICAL Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37371 Check failure Code scanning / Trivy krb5: GSS message token handling High
Package: libk5crypto3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37370 Severity: HIGH Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37370 Check warning Code scanning / Trivy krb5: Denial of service through freeing uninitialized pointer Medium
Package: libk5crypto3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2023-36054 Severity: MEDIUM Fixed Version: 1.18.3-6+deb11u4 Link: CVE-2023-36054 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Low
Package: libk5crypto3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26458 Severity: LOW Fixed Version: Link: CVE-2024-26458 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Low
Package: libk5crypto3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26461 Severity: LOW Fixed Version: Link: CVE-2024-26461 Check notice Code scanning / Trivy krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c Low
Package: libk5crypto3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2018-5709 Severity: LOW Fixed Version: Link: CVE-2018-5709 Check failure Code scanning / Trivy krb5: GSS message token handling Critical
Package: libkrb5-3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37371 Severity: CRITICAL Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37371 Check failure Code scanning / Trivy krb5: GSS message token handling High
Package: libkrb5-3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37370 Severity: HIGH Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37370 Check warning Code scanning / Trivy krb5: Denial of service through freeing uninitialized pointer Medium
Package: libkrb5-3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2023-36054 Severity: MEDIUM Fixed Version: 1.18.3-6+deb11u4 Link: CVE-2023-36054 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Low
Package: libkrb5-3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26458 Severity: LOW Fixed Version: Link: CVE-2024-26458 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Low
Package: libkrb5-3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26461 Severity: LOW Fixed Version: Link: CVE-2024-26461 Check notice Code scanning / Trivy krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c Low
Package: libkrb5-3
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2018-5709 Severity: LOW Fixed Version: Link: CVE-2018-5709 Check failure Code scanning / Trivy krb5: GSS message token handling Critical
Package: libkrb5support0
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37371 Severity: CRITICAL Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37371 Check failure Code scanning / Trivy krb5: GSS message token handling High
Package: libkrb5support0
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-37370 Severity: HIGH Fixed Version: 1.18.3-6+deb11u5 Link: CVE-2024-37370 Check warning Code scanning / Trivy krb5: Denial of service through freeing uninitialized pointer Medium
Package: libkrb5support0
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2023-36054 Severity: MEDIUM Fixed Version: 1.18.3-6+deb11u4 Link: CVE-2023-36054 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c Low
Package: libkrb5support0
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26458 Severity: LOW Fixed Version: Link: CVE-2024-26458 Check notice Code scanning / Trivy krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c Low
Package: libkrb5support0
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2024-26461 Severity: LOW Fixed Version: Link: CVE-2024-26461 Check notice Code scanning / Trivy krb5: integer overflow in dbentry->n_key_data in kadmin/dbutil/dump.c Low
Package: libkrb5support0
Installed Version: 1.18.3-6+deb11u3 Vulnerability CVE-2018-5709 Severity: LOW Fixed Version: Link: CVE-2018-5709 Check failure Code scanning / Trivy util-linux: CVE-2024-28085: wall: escape sequence injection High
Package: libmount1
Installed Version: 2.36.1-8+deb11u1 Vulnerability CVE-2024-28085 Severity: HIGH Fixed Version: 2.36.1-8+deb11u2 Link: CVE-2024-28085 Check notice Code scanning / Trivy util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline Low
Package: libmount1
Installed Version: 2.36.1-8+deb11u1 Vulnerability CVE-2022-0563 Severity: LOW Fixed Version: Link: CVE-2022-0563 Check warning Code scanning / Trivy pam: allowing unprivileged user to block another user namespace Medium
Package: libpam-modules
Installed Version: 1.4.0-9+deb11u1 Vulnerability CVE-2024-22365 Severity: MEDIUM Fixed Version: Link: CVE-2024-22365 Check warning Code scanning / Trivy pam: allowing unprivileged user to block another user namespace Medium
Package: libpam-modules-bin
Installed Version: 1.4.0-9+deb11u1 Vulnerability CVE-2024-22365 Severity: MEDIUM Fixed Version: Link: CVE-2024-22365 Check warning Code scanning / Trivy pam: allowing unprivileged user to block another user namespace Medium
Package: libpam-runtime
Installed Version: 1.4.0-9+deb11u1 Vulnerability CVE-2024-22365 Severity: MEDIUM Fixed Version: Link: CVE-2024-22365 Check warning Code scanning / Trivy pam: allowing unprivileged user to block another user namespace Medium
Package: libpam0g
Installed Version: 1.4.0-9+deb11u1 Vulnerability CVE-2024-22365 Severity: MEDIUM Fixed Version: Link: CVE-2024-22365 Check notice Code scanning / Trivy pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop Low
Package: libpcre2-8-0
Installed Version: 10.36-2+deb11u1 Vulnerability CVE-2022-41409 Severity: LOW Fixed Version: Link: CVE-2022-41409 Check notice Code scanning / Trivy pcre: OP_KETRMAX feature in the match function in pcre_exec.c Low
Package: libpcre3
Installed Version: 2:8.39-13 Vulnerability CVE-2017-11164 Severity: LOW Fixed Version: Link: CVE-2017-11164 Check notice Code scanning / Trivy pcre: self-recursive call in match() in pcre_exec.c leads to denial of service Low
Package: libpcre3
Installed Version: 2:8.39-13 Vulnerability CVE-2017-16231 Severity: LOW Fixed Version: Link: CVE-2017-16231 Check notice Code scanning / Trivy pcre: stack-based buffer overflow write in pcre32_copy_substring Low
Package: libpcre3
Installed Version: 2:8.39-13 Vulnerability CVE-2017-7245 Severity: LOW Fixed Version: Link: CVE-2017-7245 Check notice Code scanning / Trivy pcre: stack-based buffer overflow write in pcre32_copy_substring Low
Package: libpcre3
Installed Version: 2:8.39-13 Vulnerability CVE-2017-7246 Severity: LOW Fixed Version: Link: CVE-2017-7246 Check notice Code scanning / Trivy pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 Low
Package: libpcre3
Installed Version: 2:8.39-13 Vulnerability CVE-2019-20838 Severity: LOW Fixed Version: Link: CVE-2019-20838 Check notice Code scanning / Trivy libsepol: use-after-free in __cil_verify_classperms() Low
Package: libsepol1
Installed Version: 3.1-1 Vulnerability CVE-2021-36084 Severity: LOW Fixed Version: 3.1-1+deb11u1 Link: CVE-2021-36084 Check notice Code scanning / Trivy libsepol: use-after-free in __cil_verify_classperms() Low
Package: libsepol1
Installed Version: 3.1-1 Vulnerability CVE-2021-36085 Severity: LOW Fixed Version: 3.1-1+deb11u1 Link: CVE-2021-36085 Check notice Code scanning / Trivy libsepol: use-after-free in cil_reset_classpermission() Low
Package: libsepol1
Installed Version: 3.1-1 Vulnerability CVE-2021-36086 Severity: LOW Fixed Version: 3.1-1+deb11u1 Link: CVE-2021-36086 Check notice Code scanning / Trivy libsepol: heap-based buffer overflow in ebitmap_match_any() Low
Package: libsepol1
Installed Version: 3.1-1 Vulnerability CVE-2021-36087 Severity: LOW Fixed Version: 3.1-1+deb11u1 Link: CVE-2021-36087 Check failure Code scanning / Trivy util-linux: CVE-2024-28085: wall: escape sequence injection High
Package: libsmartcols1
Installed Version: 2.36.1-8+deb11u1 Vulnerability CVE-2024-28085 Severity: HIGH Fixed Version: 2.36.1-8+deb11u2 Link: CVE-2024-28085 Check notice Code scanning / Trivy util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline Low
Package: libsmartcols1
Installed Version: 2.36.1-8+deb11u1 Vulnerability CVE-2022-0563 Severity: LOW Fixed Version: Link: CVE-2022-0563 |
||
|
||
LABEL maintainer="Daniel García (cr0hn) [email protected]" | ||
|
||
|
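Review bot: the `FROM` line at the top of this hunk selects a base image whose OS layer is behind on Debian bullseye security updates, and the Trivy annotations attached to that line show it. Several findings already list a fixed version: `libc6`/`libc-bin` are at `2.31-13+deb11u5` with fixes in `+deb11u7` through `+deb11u10` (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), the krb5 libraries are at `1.18.3-6+deb11u3` with CRITICAL CVE-2024-37371 fixed in `+deb11u5`, and `libgnutls30` is at `3.7.1-5+deb11u2` with fixes up to `+deb11u6`. As rendered, the two lines are `node:19.4.0-bullseye-slim` followed by `node:19.3.0-bullseye-slim`, which reads as a move to the older patch release. If that is intended, the reason should be stated in the commit, since none is visible here. I would suggest either choosing a tag rebuilt on current bullseye packages or adding an `apt-get update && apt-get upgrade` step to the build, and pinning the image by digest so the scanned image and the deployed image are the same bytes. Findings with an empty "Fixed Version" (for example CVE-2019-8457 in `libdb5.3`) will not go away with an upgrade and need separate triage, or an explicit ignore entry with a justification.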