From ba2b36673a561aecdc4264c1c46e741d7b149991 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Fri, 19 Jul 2024 18:09:21 +0000 Subject: [PATCH 01/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 53 + Snyk/README.md | 52 + Snyk/scan.sh | 28 + Snyk/scan_results/crate_crate_4.6.6.md | 9039 +++++++++++++++++ Snyk/scan_results/dpage_pgadmin4_7.1.md | 340 + Snyk/scan_results/eclipse-mosquitto_2.0.14.md | 92 + Snyk/scan_results/eclipse-mosquitto_2.0.15.md | 190 + .../fiware_iotagent-json_1.26.0.md | 1022 ++ Snyk/scan_results/fiware_orion_3.7.0.md | 2330 +++++ Snyk/scan_results/fiware_orion_latest.md | 882 ++ Snyk/scan_results/grafana_grafana_9.3.0.md | 440 + Snyk/scan_results/mongo-express_1.0.2-20.md | 237 + Snyk/scan_results/mongo_4.4.md | 229 + Snyk/scan_results/mongo_5.0.24.md | 327 + .../n5gehtoolsmqtt-gateway-api_latest.md | 908 ++ .../n5gehtoolsmqtt-gateway-frontend_latest.md | 108 + .../n5gehtoolsmqtt-gateway-gateway_latest.md | 904 ++ .../orchestracities_quantumleap_0.8.3.md | 595 ++ .../portainer_portainer-ce_2.19.4.md | 320 + Snyk/scan_results/postgres_15.2.md | 1068 ++ Snyk/scan_results/redis_7.0.md | 321 + .../telefonicaiot_fiware-orion_3.8.1.md | 1698 ++++ 22 files changed, 21183 insertions(+) create mode 100644 .github/workflows/snyk-scan.yml create mode 100644 Snyk/README.md create mode 100755 Snyk/scan.sh create mode 100644 Snyk/scan_results/crate_crate_4.6.6.md create mode 100644 Snyk/scan_results/dpage_pgadmin4_7.1.md create mode 100644 Snyk/scan_results/eclipse-mosquitto_2.0.14.md create mode 100644 Snyk/scan_results/eclipse-mosquitto_2.0.15.md create mode 100644 Snyk/scan_results/fiware_iotagent-json_1.26.0.md create mode 100644 Snyk/scan_results/fiware_orion_3.7.0.md create mode 100644 Snyk/scan_results/fiware_orion_latest.md create mode 100644 Snyk/scan_results/grafana_grafana_9.3.0.md create mode 100644 Snyk/scan_results/mongo-express_1.0.2-20.md create mode 100644 Snyk/scan_results/mongo_4.4.md create mode 100644 Snyk/scan_results/mongo_5.0.24.md create mode 100644 Snyk/scan_results/n5gehtoolsmqtt-gateway-api_latest.md create mode 100644 Snyk/scan_results/n5gehtoolsmqtt-gateway-frontend_latest.md create mode 100644 Snyk/scan_results/n5gehtoolsmqtt-gateway-gateway_latest.md create mode 100644 Snyk/scan_results/orchestracities_quantumleap_0.8.3.md create mode 100644 Snyk/scan_results/portainer_portainer-ce_2.19.4.md create mode 100644 Snyk/scan_results/postgres_15.2.md create mode 100644 Snyk/scan_results/redis_7.0.md create mode 100644 Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml new file mode 100644 index 0000000..c4f1654 --- /dev/null +++ b/.github/workflows/snyk-scan.yml @@ -0,0 +1,53 @@ +name: Snyk Container Scan + +on: + push: + branches: + - 20-security-scan-of-the-image + pull_request: + branches: + - 20-security-scan-of-the-image + +jobs: + snyk: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Build API image + run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . + + - name: Build Frontend image + run: docker build -t n5gehtoolsmqtt-gateway-frontend:latest -f ./frontend/Dockerfile . + + - name: Build Gateway image + run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . + + - name: Snyk Scan API image + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-api:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Snyk Scan Frontend image + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-frontend:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Snyk Scan Gateway image + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-gateway:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/Snyk/README.md b/Snyk/README.md new file mode 100644 index 0000000..7f32caf --- /dev/null +++ b/Snyk/README.md @@ -0,0 +1,52 @@ +# Snyk Container Image Scanning + +## Overview + +This repository contains a script to scan all active Docker images for vulnerabilities using Snyk. The results of the scan are stored in individual Markdown files within the `scan_results` directory. + +## Prerequisites + +- Ensure Docker is installed and running on your system. + +- Ensure Snyk CLI is installed. You can install it using npm: + ```commandline + npm install -g snyk + ``` + +- Authenticate Snyk CLI using your Snyk API token: + ```commandline + snyk auth YOUR_SNYK_API_TOKEN + ``` + +## Running the script + +- Clone the repository (if you haven't already): + ```commandline + git clone https://github.com/N5GEH/n5geh.tools.mqtt-gateway.git + cd n5geh.tools.mqtt-gateway/ + ``` +- The repository contains a `docker-compose.yml` file that can be used to start building the image and then start the gateway services. + The gateway can be started with the following command: + + ```commandline + cd fiware-environment + docker compose pull + docker compose up -d + + cd.. + + cd n5geh.tools.mqtt-gateway/ + docker compose build + docker compose up -d + ``` + +- Navigate to the Snyk directory: + ```commandline + cd Snyk + ``` +- Set permissions and run the script: + ```commandline + chmod +x scan.sh + ./scan.sh + ``` +- The script will create a scan_results directory and store the results of the scans for each active Docker image in separate Markdown files. \ No newline at end of file diff --git a/Snyk/scan.sh b/Snyk/scan.sh new file mode 100755 index 0000000..1261790 --- /dev/null +++ b/Snyk/scan.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +# Create a directory for the scan results +results_dir="scan_results" +mkdir -p $results_dir + +# Get a list of active Docker images +images=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -v ":") + +# Scan each image and save the result to a separate file +for image in $images +do + # Create a valid filename by replacing ":" with "_" and "/" with "_" + filename=$(echo "$image" | tr ':/' '__') + + # Define the output file path + output_file="$results_dir/${filename}.md" + + # Ensure the directory exists + mkdir -p "$(dirname "$output_file")" + + # Scan the image and save the result + echo "Scanning $image..." + echo "**Scanning $image**" > $output_file + echo '```' >> $output_file + snyk container test $image >> $output_file + echo '```' >> $output_file +done diff --git a/Snyk/scan_results/crate_crate_4.6.6.md b/Snyk/scan_results/crate_crate_4.6.6.md new file mode 100644 index 0000000..e17acaf --- /dev/null +++ b/Snyk/scan_results/crate_crate_4.6.6.md @@ -0,0 +1,9039 @@ +**Scanning crate/crate:4.6.6** +``` + +Testing crate/crate:4.6.6... + +✗ Low severity vulnerability found in vim-minimal + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1972550 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1973048 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1980312 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1982569 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1982606 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2025402 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2025542 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2026967 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2311766 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2327620 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2385970 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2444878 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2813239 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933325 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933359 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933361 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Buffer Over-read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933386 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Buffer Over-read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933958 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Buffer Over-read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2936187 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937522 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937530 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937532 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937542 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937564 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937570 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937572 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941487 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941513 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941517 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941521 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941563 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941583 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2949917 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2949935 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2950125 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978707 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Undefined Behavior for Input to API + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978717 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978719 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978733 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2984732 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2984746 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Buffer Under-read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2988619 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2988625 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2988777 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2991448 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2991496 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3008892 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3008894 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3013745 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3015810 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3022278 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3032961 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3032975 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3033479 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3037777 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3040686 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3092529 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3165527 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3168013 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3168029 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3227495 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Unchecked Return Value + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3232284 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3232338 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3244928 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3245544 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3259417 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3337664 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3358186 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3358190 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Incorrect Calculation of Buffer Size + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3358218 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5497713 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5594473 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5594527 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5842140 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5934026 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5952808 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5969138 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6039466 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068631 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068651 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068663 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068675 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068691 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068722 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Improper Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068730 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6083857 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in vim-minimal + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6231624 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in util-linux + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-1946411 + Introduced through: util-linux@2.23.2-65.el7 + From: util-linux@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in util-linux + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-2025256 + Introduced through: util-linux@2.23.2-65.el7 + From: util-linux@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in tar + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-1990470 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in tar + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-2001640 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in tar + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-2014107 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in tar + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-6120499 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in systemd-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1966179 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in systemd + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1966080 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: Insecure Temporary File + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1965158 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1973032 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1976968 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1977167 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1994293 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1997669 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2403545 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-3009912 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-5748848 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in sqlite + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-6154485 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in shadow-utils + Description: Incorrect Implementation of Authentication Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SHADOWUTILS-5877084 + Introduced through: shadow-utils@2:4.6-5.el7 + From: shadow-utils@2:4.6-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in rpm-python + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2017360 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in rpm-libs + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2016349 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in rpm-build-libs + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2015889 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in rpm + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2017331 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in readline + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-READLINE-2834324 + Introduced through: readline@6.2-11.el7 + From: readline@6.2-11.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-pip + Description: Use of Less Trusted Source + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-1992926 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-pip + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-2023960 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-pip + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-6144966 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-libs + Description: Improper Handling of Highly Compressed Data (Data Amplification) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2001772 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-libs + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2025924 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-libs + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-7275498 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-7412369 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3 + Description: Improper Handling of Highly Compressed Data (Data Amplification) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2002970 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2026117 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3 + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-7275492 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python3 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-7412371 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1989355 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python-libs + Description: Improper Handling of Highly Compressed Data (Data Amplification) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2002979 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python-libs + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2027199 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python-libs + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-7275486 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-7412383 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1989327 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python + Description: Improper Handling of Highly Compressed Data (Data Amplification) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2002919 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2026054 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-7275478 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-7412373 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in procps-ng + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-1989997 + Introduced through: procps-ng@3.3.10-28.el7 + From: procps-ng@3.3.10-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in procps-ng + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-1991010 + Introduced through: procps-ng@3.3.10-28.el7 + From: procps-ng@3.3.10-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in procps-ng + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-1991065 + Introduced through: procps-ng@3.3.10-28.el7 + From: procps-ng@3.3.10-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in procps-ng + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-5835283 + Introduced through: procps-ng@3.3.10-28.el7 + From: procps-ng@3.3.10-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in pcre + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1951812 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in pcre + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1971374 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in pcre + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1983180 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in pcre + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1983186 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in pcre + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1983227 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in pcre + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-2004967 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-1994940 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-1996381 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2005420 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2024666 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3048408 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3371158 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5328749 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5331111 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5804695 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5812735 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Missing Required Cryptographic Step + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-6050606 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Reversible One-Way Hash + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-6150420 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-6246386 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-7412305 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openssl + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-1994959 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-1996331 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2007039 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2025846 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3048706 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3371160 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5328757 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5331115 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5804689 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5812737 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Missing Required Cryptographic Step + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-6050610 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Reversible One-Way Hash + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-6150416 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-6246380 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openssl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-7412301 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Low severity vulnerability found in openldap + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-1963951 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openldap + Description: Improper Validation of Certificate with Host Mismatch + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2005965 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in openldap + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-5660520 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in nss-tools + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2003333 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in nss-sysinit + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2003327 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in nss-softokn-freebl + Description: Incorrect Calculation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKNFREEBL-1955858 + Introduced through: nss-softokn-freebl@3.53.1-6.el7_9 + From: nss-softokn-freebl@3.53.1-6.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in nss-softokn + Description: Incorrect Calculation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKN-1958713 + Introduced through: nss-softokn@3.53.1-6.el7_9 + From: nss-softokn@3.53.1-6.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in nss + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2004596 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1970438 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1973625 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1974521 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1975175 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1975194 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1976025 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1976916 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1976967 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1977500 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1979532 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1988555 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1990250 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1990318 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-2025517 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862489 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862490 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862512 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862528 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862538 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862558 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-6124347 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1972091 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1973112 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1974311 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1974426 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1975164 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1976134 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1976196 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1976242 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1977408 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1980452 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1990176 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1990980 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1991994 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-2028324 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862481 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862486 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862506 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862530 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862536 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862560 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses-base + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-6124341 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1971067 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1973080 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975128 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975135 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975148 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975223 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1976006 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1976933 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1977504 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1981664 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1990216 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1991785 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1992597 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-2027155 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862478 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862482 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862504 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862522 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862534 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862552 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ncurses + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-6124343 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2-python + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1982929 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2-python + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1986072 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2-python + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1987699 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2-python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5952810 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2-python + Description: Buffer Over-read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-6852548 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1982911 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2 + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1986276 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1987432 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5952812 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libxml2 + Description: Buffer Over-read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-6852544 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libuuid + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-1944179 + Introduced through: libuuid@2.23.2-65.el7 + From: libuuid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libuuid + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-2026204 + Introduced through: libuuid@2.23.2-65.el7 + From: libuuid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libtasn1 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1971763 + Introduced through: libtasn1@4.10-1.el7 + From: libtasn1@4.10-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libtasn1 + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1985003 + Introduced through: libtasn1@4.10-1.el7 + From: libtasn1@4.10-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libtasn1 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1989457 + Introduced through: libtasn1@4.10-1.el7 + From: libtasn1@4.10-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1944396 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1958409 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1960099 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1961558 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962068 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962369 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962398 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962523 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1963332 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1990592 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1995723 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2386086 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2441042 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libstdc++ + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-3012204 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libssh2 + Description: Unchecked Return Value + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-6131682 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libmount + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-1944085 + Introduced through: libmount@2.23.2-65.el7 + From: libmount@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libmount + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-2026187 + Introduced through: libmount@2.23.2-65.el7 + From: libmount@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libidn + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1943056 + Introduced through: libidn@1.28-4.el7 + From: libidn@1.28-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libidn + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1953391 + Introduced through: libidn@1.28-4.el7 + From: libidn@1.28-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libidn + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1965942 + Introduced through: libidn@1.28-4.el7 + From: libidn@1.28-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libidn + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1966319 + Introduced through: libidn@1.28-4.el7 + From: libidn@1.28-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libidn + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1966514 + Introduced through: libidn@1.28-4.el7 + From: libidn@1.28-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libidn + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1977845 + Introduced through: libidn@1.28-4.el7 + From: libidn@1.28-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcrypt + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1938424 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcrypt + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1943863 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1944360 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1958647 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1960525 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1960738 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1961094 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1962115 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1962355 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1962716 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1963266 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1990534 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1996602 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2385990 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2441014 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libgcc + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-3012228 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libdb-utils + Description: Improper Access Control + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDBUTILS-2002369 + Introduced through: libdb-utils@5.3.21-25.el7 + From: libdb-utils@5.3.21-25.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libdb + Description: Improper Access Control + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDB-2001052 + Introduced through: libdb@5.3.21-25.el7 + From: libdb@5.3.21-25.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1951978 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1968088 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1968233 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969858 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969953 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1970361 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1971205 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1982843 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1992039 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Untrusted Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2015843 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Use of Uninitialized Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017371 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Use of Uninitialized Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017387 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823585 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Improper Validation of Syntactic Correctness of Input + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3013791 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3179690 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:7.29.0-59.el7_9.2 + +✗ Low severity vulnerability found in libcurl + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367077 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-5561466 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcurl + Description: External Control of File Name or Path + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-5960375 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcom_err + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCOMERR-1942721 + Introduced through: libcom_err@1.42.9-19.el7 + From: libcom_err@1.42.9-19.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libcap + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCAP-5660540 + Introduced through: libcap@2.22-11.el7 + From: libcap@2.22-11.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libblkid + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-1945786 + Introduced through: libblkid@2.23.2-65.el7 + From: libblkid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in libblkid + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-2025172 + Introduced through: libblkid@2.23.2-65.el7 + From: libblkid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in krb5-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1971330 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in krb5-libs + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-6335240 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in krb5-libs + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-6335416 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gpgme + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GPGME-1941077 + Introduced through: gpgme@1.3.2-5.el7 + From: gpgme@1.3.2-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gnupg2 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1940637 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gnupg2 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1942097 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gnupg2 + Description: Incorrect Calculation of Buffer Size + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1942430 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gnupg2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1944098 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gnupg2 + Description: Missing Required Cryptographic Step + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1994985 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gnupg2 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-3024686 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1940217 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1951775 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1952114 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Improper Data Handling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1953625 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1956406 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1977079 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2009845 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc-common + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2022097 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1939134 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1952062 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Improper Data Handling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1953293 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1953341 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1955476 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1977459 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2010980 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glibc + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2022555 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1972785 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1983968 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1984065 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1984573 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1991240 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1995228 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2020186 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834061 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666250 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666266 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666272 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in glib2 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666280 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in gawk + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GAWK-5821357 + Introduced through: gawk@4.0.2-4.el7_3.1 + From: gawk@4.0.2-4.el7_3.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in file-libs + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-FILELIBS-1942004 + Introduced through: file-libs@5.11-37.el7 + From: file-libs@5.11-37.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in file-libs + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-FILELIBS-1953839 + Introduced through: file-libs@5.11-37.el7 + From: file-libs@5.11-37.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in file-libs + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-FILELIBS-5874089 + Introduced through: file-libs@5.11-37.el7 + From: file-libs@5.11-37.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1968621 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1954996 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1957865 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1983303 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1983525 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1984233 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1984904 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1986235 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1986335 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1986437 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-5851057 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-6257926 + Introduced through: elfutils-libs@0.176-5.el7 + From: elfutils-libs@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1956791 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1958047 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1983453 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1983476 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1984834 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985009 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985204 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985205 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985603 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-5851059 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-libelf + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-6257913 + Introduced through: elfutils-libelf@0.176-5.el7 + From: elfutils-libelf@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1956853 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1957924 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1984852 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1984930 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1984950 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985035 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985136 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985232 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985608 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-5851067 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in elfutils-default-yama-scope + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-6257922 + Introduced through: elfutils-default-yama-scope@0.176-5.el7 + From: elfutils-default-yama-scope@0.176-5.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in device-mapper-libs + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DEVICEMAPPERLIBS-2014867 + Introduced through: device-mapper-libs@7:1.02.170-6.el7 + From: device-mapper-libs@7:1.02.170-6.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in device-mapper + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DEVICEMAPPER-2014658 + Introduced through: device-mapper@7:1.02.170-6.el7 + From: device-mapper@7:1.02.170-6.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1938369 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1938510 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus-libs + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1939957 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus-libs + Description: Algorithmic Complexity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1940623 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus-libs + Description: Improper Authorization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1942088 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-2014154 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus + Description: Algorithmic Complexity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1938761 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1938877 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1940326 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1940727 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus + Description: Improper Authorization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1941918 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in dbus + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-2012927 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1952033 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1968661 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969343 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969802 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969881 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969969 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1970292 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1982899 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1992007 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Untrusted Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2014763 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Use of Uninitialized Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2017392 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Use of Uninitialized Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2017414 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823591 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Improper Validation of Syntactic Correctness of Input + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3013781 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3179636 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:7.29.0-59.el7_9.2 + +✗ Low severity vulnerability found in curl + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367093 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-5561468 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in curl + Description: External Control of File Name or Path + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-5960373 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in cracklib-dicts + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CRACKLIBDICTS-1967091 + Introduced through: cracklib-dicts@2.9.0-11.el7 + From: cracklib-dicts@2.9.0-11.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in cracklib + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CRACKLIB-1964928 + Introduced through: cracklib@2.9.0-11.el7 + From: cracklib@2.9.0-11.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in cpio + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-1942162 + Introduced through: cpio@2.11-28.el7 + From: cpio@2.11-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in cpio + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-1957463 + Introduced through: cpio@2.11-28.el7 + From: cpio@2.11-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in cpio + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-6229986 + Introduced through: cpio@2.11-28.el7 + From: cpio@2.11-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1943168 + Introduced through: coreutils@8.22-24.el7 + From: coreutils@8.22-24.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in coreutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1943437 + Introduced through: coreutils@8.22-24.el7 + From: coreutils@8.22-24.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in coreutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1944972 + Introduced through: coreutils@8.22-24.el7 + From: coreutils@8.22-24.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in ca-certificates + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CACERTIFICATES-6055613 + Introduced through: ca-certificates@2020.2.41-70.0.el7_8 + From: ca-certificates@2020.2.41-70.0.el7_8 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in bzip2-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BZIP2LIBS-1960508 + Introduced through: bzip2-libs@1.0.6-13.el7 + From: bzip2-libs@1.0.6-13.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in bzip2-libs + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BZIP2LIBS-1993646 + Introduced through: bzip2-libs@1.0.6-13.el7 + From: bzip2-libs@1.0.6-13.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1942169 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1949868 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1959519 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960002 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960072 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960362 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960688 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1962483 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1963252 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1963879 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1973019 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974322 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974370 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974526 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974529 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974535 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974552 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974563 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974591 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975078 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975099 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975173 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975352 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975602 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975644 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975922 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976222 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976248 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976275 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976392 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976543 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976545 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976590 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977089 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977396 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977547 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977616 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977696 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977727 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977734 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977887 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977891 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977913 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1978293 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1978868 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1978892 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979032 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979074 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979338 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979493 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979555 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979624 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979892 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980218 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980418 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980516 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980564 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981013 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981041 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981583 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981754 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981784 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983223 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983618 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983705 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983745 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983766 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983833 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984250 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984664 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984683 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984798 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985134 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985155 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985322 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985323 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Null Termination + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985326 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985631 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985874 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986157 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986169 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986273 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986682 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986710 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987232 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987241 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987269 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987549 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987574 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987616 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987666 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987672 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987685 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987906 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987968 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987992 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987995 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1988964 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1988992 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989073 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989093 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989149 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989348 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989371 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989439 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990067 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990075 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990117 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990275 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990564 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990582 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990662 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990671 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990690 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991342 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991481 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991542 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991620 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991748 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991942 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992123 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992226 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992330 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992754 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992975 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993000 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993147 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993181 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993580 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993912 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1994081 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1995216 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1997319 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1999141 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2006767 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2007634 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2007755 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2007832 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2010954 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012294 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012339 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Use of Uninitialized Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012841 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012950 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2013149 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3012246 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3018576 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Use of Uninitialized Variable + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3316097 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3316105 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Use of Uninitialized Variable + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3316117 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5417801 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857513 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857516 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857532 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857583 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in binutils + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857589 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in bind-license + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-1938248 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in bind-license + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-1966395 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Low severity vulnerability found in bash + Description: Privilege Dropping / Lowering Errors + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BASH-1998407 + Introduced through: bash@4.2.46-34.el7 + From: bash@4.2.46-34.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in zlib + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ZLIB-2977274 + Introduced through: zlib@1.2.7-18.el7 + From: zlib@1.2.7-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:1.2.7-21.el7_9 + +✗ Medium severity vulnerability found in zlib + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ZLIB-5971504 + Introduced through: zlib@1.2.7-18.el7 + From: zlib@1.2.7-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: OS Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2002103 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2025969 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2026497 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2026823 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2308071 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2308083 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2339232 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2339492 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2385982 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2814306 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in vim-minimal + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2814308 + Introduced through: vim-minimal@2:7.4.629-7.el7 + From: vim-minimal@2:7.4.629-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in util-linux + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-1942353 + Introduced through: util-linux@2.23.2-65.el7 + From: util-linux@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in util-linux + Description: Privilege Context Switching Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-1960910 + Introduced through: util-linux@2.23.2-65.el7 + From: util-linux@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in util-linux + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-2401559 + Introduced through: util-linux@2.23.2-65.el7 + From: util-linux@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in util-linux + Description: OS Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-5898178 + Introduced through: util-linux@2.23.2-65.el7 + From: util-linux@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-1937456 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in tar + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-1965994 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in tar + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-3310895 + Introduced through: tar@2:1.26-35.el7 + From: tar@2:1.26-35.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1938711 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1982654 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1991599 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Incorrect Authorization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2001728 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Missing Authentication for Critical Function + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2004528 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2005081 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2336835 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3098051 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Deadlock + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3150686 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3179730 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd-libs + Description: CVE-2023-26604 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3342257 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1938368 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1982090 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1993128 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Incorrect Authorization + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2002339 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Missing Authentication for Critical Function + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2004853 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Expected Behavior Violation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2006239 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2336825 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3098031 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Deadlock + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3150690 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3179648 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in systemd + Description: CVE-2023-26604 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3342253 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1950788 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1982972 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1993754 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1995542 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Use of Uninitialized Resource + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1996537 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1998360 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1999376 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1999575 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Unchecked Error Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2000154 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2000719 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Unchecked Error Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2001310 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2001528 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2003546 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2004865 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Improper Validation of Array Index + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2960017 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-3010032 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in sqlite + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-5422018 + Introduced through: sqlite@3.7.17-8.el7_7.1 + From: sqlite@3.7.17-8.el7_7.1 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-1983859 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-1985857 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2022693 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2022818 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2023286 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2023287 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2023547 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-python + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2186730 + Introduced through: rpm-python@4.11.3-45.el7 + From: rpm-python@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:4.11.3-48.el7_9 + +✗ Medium severity vulnerability found in rpm-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-1984397 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-1985279 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2022737 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2022900 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2024536 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2025459 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2025518 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-libs + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2187549 + Introduced through: rpm-libs@4.11.3-45.el7 + From: rpm-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:4.11.3-48.el7_9 + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-1983047 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-1984822 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2022563 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2022791 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2022873 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2023392 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2024096 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm-build-libs + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2186657 + Introduced through: rpm-build-libs@4.11.3-45.el7 + From: rpm-build-libs@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:4.11.3-48.el7_9 + +✗ Medium severity vulnerability found in rpm + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-1984450 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-1984546 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2021206 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2022545 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2023192 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2023211 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2023565 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in rpm + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2186841 + Introduced through: rpm@4.11.3-45.el7 + From: rpm@4.11.3-45.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:4.11.3-48.el7_9 + +✗ Medium severity vulnerability found in python3-setuptools + Description: Incorrect Regular Expression + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3SETUPTOOLS-3227010 + Introduced through: python3-setuptools@39.2.0-10.el7 + From: python3-setuptools@39.2.0-10.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-2000456 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-2837986 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-5952828 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-5970499 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-6101854 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Always-Incorrect Control Flow Implementation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-6962093 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-pip + Description: Incorrect Resource Transfer Between Spheres + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-7297942 + Introduced through: python3-pip@9.0.3-8.el7 + From: python3-pip@9.0.3-8.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-1997816 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2010067 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Eval Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2010179 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2017006 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2020693 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2022899 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2023989 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Unchecked Return Value + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2328132 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2387320 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2766845 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Open Redirect + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2991236 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3017285 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3111051 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3136145 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5499645 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5751494 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5902156 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5915249 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-6062934 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-6063038 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3-libs + Description: Multiple Interpretations of UI Input + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-6688270 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-1998403 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2008957 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Eval Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2010411 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2018889 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2021729 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2024021 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2027051 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Unchecked Return Value + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2328134 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2387310 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2766843 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Open Redirect + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2991244 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3017291 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3111014 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3136127 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5499629 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5751478 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5902144 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5915251 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-6062938 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-6063034 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python3 + Description: Multiple Interpretations of UI Input + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-6688264 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Cryptographic Issues + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1937092 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1937990 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1938432 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1972247 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1997331 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2007337 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-92.el7_9 + +✗ Medium severity vulnerability found in python-libs + Description: Eval Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2010260 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2018864 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2021979 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-92.el7_9 + +✗ Medium severity vulnerability found in python-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2027058 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2181035 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-90.el7 + +✗ Medium severity vulnerability found in python-libs + Description: Unchecked Return Value + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2328116 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2387322 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2838244 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2936577 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-92.el7_9 + +✗ Medium severity vulnerability found in python-libs + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3017267 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3111000 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3136125 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5499651 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5751468 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5902160 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5915259 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-6063032 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python-libs + Description: Multiple Interpretations of UI Input + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-6688256 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Cryptographic Issues + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1937534 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1937876 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1938462 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1971231 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1996114 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2009869 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-92.el7_9 + +✗ Medium severity vulnerability found in python + Description: Eval Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2011503 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2017975 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2022918 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-92.el7_9 + +✗ Medium severity vulnerability found in python + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2025640 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2178649 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-90.el7 + +✗ Medium severity vulnerability found in python + Description: Unchecked Return Value + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2328108 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2387342 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2838236 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: HTTP Response Splitting + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2936581 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-92.el7_9 + +✗ Medium severity vulnerability found in python + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3017265 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3110982 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3136135 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5499637 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5751492 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5902146 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5915255 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-6063042 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in python + Description: Multiple Interpretations of UI Input + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-6688254 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in pcre + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1981489 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in pcre + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1982295 + Introduced through: pcre@8.32-17.el7 + From: pcre@8.32-17.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in pam + Description: Insecure Inherited Permissions + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PAM-6181078 + Introduced through: pam@1.1.8-23.el7 + From: pam@1.1.8-23.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in p11-kit-trust + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KITTRUST-2012548 + Introduced through: p11-kit-trust@0.23.5-3.el7 + From: p11-kit-trust@0.23.5-3.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in p11-kit-trust + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KITTRUST-2013605 + Introduced through: p11-kit-trust@0.23.5-3.el7 + From: p11-kit-trust@0.23.5-3.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in p11-kit + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KIT-2010715 + Introduced through: p11-kit@0.23.5-3.el7 + From: p11-kit@0.23.5-3.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in p11-kit + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KIT-2011663 + Introduced through: p11-kit@0.23.5-3.el7 + From: p11-kit@0.23.5-3.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Client-Side Enforcement of Server-Side Security + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-1994852 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2025480 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 1:1.0.2k-23.el7_9 + +✗ Medium severity vulnerability found in openssl-libs + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2808317 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2833894 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2933996 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3316028 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3316063 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5662623 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openssl + Description: Client-Side Enforcement of Server-Side Security + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-1996407 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openssl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2025809 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + Fixed in: 1:1.0.2k-23.el7_9 + +✗ Medium severity vulnerability found in openssl + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2808319 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openssl + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2833962 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openssl + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2934008 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openssl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3316057 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openssl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3316121 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openssl + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5662615 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + +✗ Medium severity vulnerability found in openldap + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-1993738 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Improper Access Control + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-1995396 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2008368 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.4.44-25.el7_9 + +✗ Medium severity vulnerability found in openldap + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2008794 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.4.44-25.el7_9 + +✗ Medium severity vulnerability found in openldap + Description: Release of Invalid Pointer or Reference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012260 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Improper Handling of Length Parameter Inconsistency + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012320 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Integer Underflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012362 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012598 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012810 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2013192 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2013287 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Release of Invalid Pointer or Reference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2013339 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2014441 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2014611 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2020930 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in openldap + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2183644 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.4.44-23.el7_9 + +✗ Medium severity vulnerability found in openldap + Description: SQL Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2808614 + Introduced through: openldap@2.4.44-22.el7 + From: openldap@2.4.44-22.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-1967848 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: Missing Required Cryptographic Step + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-1971719 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-1991575 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2183750 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.53.1-7.el7_9 + +✗ Medium severity vulnerability found in nss-tools + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2833896 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2834245 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-5961892 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-tools + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-6151988 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: Missing Required Cryptographic Step + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-1968565 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-1970987 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-1993200 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2185854 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.53.1-7.el7_9 + +✗ Medium severity vulnerability found in nss-sysinit + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2833918 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2834257 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-5961894 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-sysinit + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-6151992 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-softokn-freebl + Description: Incorrect Conversion between Numeric Types + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKNFREEBL-1984840 + Introduced through: nss-softokn-freebl@3.53.1-6.el7_9 + From: nss-softokn-freebl@3.53.1-6.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-softokn-freebl + Description: Improperly Implemented Security Check for Standard + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKNFREEBL-2833942 + Introduced through: nss-softokn-freebl@3.53.1-6.el7_9 + From: nss-softokn-freebl@3.53.1-6.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-softokn + Description: Incorrect Conversion between Numeric Types + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKN-1986314 + Introduced through: nss-softokn@3.53.1-6.el7_9 + From: nss-softokn@3.53.1-6.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss-softokn + Description: Improperly Implemented Security Check for Standard + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKN-2833944 + Introduced through: nss-softokn@3.53.1-6.el7_9 + From: nss-softokn@3.53.1-6.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-1969936 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: Missing Required Cryptographic Step + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-1971701 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-1991539 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2183624 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.53.1-7.el7_9 + +✗ Medium severity vulnerability found in nss + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2833964 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2834247 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-5961896 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nss + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-6151996 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in nspr + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSPR-1958603 + Introduced through: nspr@4.25.0-2.el7_9 + From: nspr@4.25.0-2.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-libs + Description: Use of Externally-Controlled Format String + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1973224 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-libs + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1973258 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1996069 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1997391 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-libs + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5489424 + Introduced through: ncurses-libs@5.9-14.20130511.el7_4 + From: ncurses-libs@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-base + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1970833 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-base + Description: Use of Externally-Controlled Format String + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1970855 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1995788 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-base + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1995930 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses-base + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5489418 + Introduced through: ncurses-base@5.9-14.20130511.el7_4 + From: ncurses-base@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses + Description: Use of Externally-Controlled Format String + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1970096 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1972040 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1997261 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1998303 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in ncurses + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5489414 + Introduced through: ncurses@5.9-14.20130511.el7_4 + From: ncurses@5.9-14.20130511.el7_4 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in lz4 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LZ4-1995944 + Introduced through: lz4@1.8.3-1.el7 + From: lz4@1.8.3-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in lz4 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LZ4-2022180 + Introduced through: lz4@1.8.3-1.el7 + From: lz4@1.8.3-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in lua + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LUA-1941172 + Introduced through: lua@5.1.4-15.el7 + From: lua@5.1.4-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in lua + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LUA-2388267 + Introduced through: lua@5.1.4-15.el7 + From: lua@5.1.4-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1961708 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1968462 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1970284 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1980502 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1981170 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1983829 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1985438 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1986644 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1988292 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2009090 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2022186 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2023399 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2023708 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2023870 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2024915 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2185571 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.9.1-6.el7_9.6 + +✗ Medium severity vulnerability found in libxml2-python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2412320 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2809237 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Cross-site Scripting (XSS) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2964632 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-3057749 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-3057771 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5419771 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5419845 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5877052 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2-python + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-6227837 + Introduced through: libxml2-python@2.9.1-6.el7.5 + From: libxml2-python@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1963063 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1970179 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1971170 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1979574 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1980273 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1982867 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1986245 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1986322 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1988246 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2008774 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2022472 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2022733 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2023352 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2023720 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2024089 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2187205 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.9.1-6.el7_9.6 + +✗ Medium severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2412229 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2809239 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Cross-site Scripting (XSS) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2964634 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-3057753 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-3057761 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5419773 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5419847 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5877050 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-6227835 + Introduced through: libxml2@2.9.1-6.el7.5 + From: libxml2@2.9.1-6.el7.5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libuuid + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-1942407 + Introduced through: libuuid@2.23.2-65.el7 + From: libuuid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libuuid + Description: Privilege Context Switching Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-1959616 + Introduced through: libuuid@2.23.2-65.el7 + From: libuuid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libuuid + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-2401639 + Introduced through: libuuid@2.23.2-65.el7 + From: libuuid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libuuid + Description: OS Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-5898180 + Introduced through: libuuid@2.23.2-65.el7 + From: libuuid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libtirpc + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTIRPC-1960349 + Introduced through: libtirpc@0.2.4-0.16.el7 + From: libtirpc@0.2.4-0.16.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libtirpc + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTIRPC-2957886 + Introduced through: libtirpc@0.2.4-0.16.el7 + From: libtirpc@0.2.4-0.16.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libtasn1 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1962283 + Introduced through: libtasn1@4.10-1.el7 + From: libtasn1@4.10-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libtasn1 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1992987 + Introduced through: libtasn1@4.10-1.el7 + From: libtasn1@4.10-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libtasn1 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-3104745 + Introduced through: libtasn1@4.10-1.el7 + From: libtasn1@4.10-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1938766 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1990491 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1997131 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2007863 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Cross-site Scripting (XSS) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2008634 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2011486 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2011831 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2011892 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2018439 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2029265 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libstdc++ + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2838386 + Introduced through: libstdc++@4.8.5-44.el7 + From: libstdc++@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libssh2 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-1993789 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libssh2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-2000708 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libssh2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-2000774 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libssh2 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-5499625 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libssh2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-5873858 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:1.8.0-4.el7_9.1 + +✗ Medium severity vulnerability found in libssh2 + Description: Truncation of Security-relevant Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-6131658 + Introduced through: libssh2@1.8.0-4.el7 + From: libssh2@1.8.0-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libsepol + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2023461 + Introduced through: libsepol@2.5-10.el7 + From: libsepol@2.5-10.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libsepol + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2023587 + Introduced through: libsepol@2.5-10.el7 + From: libsepol@2.5-10.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libsepol + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2024534 + Introduced through: libsepol@2.5-10.el7 + From: libsepol@2.5-10.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libsepol + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2025917 + Introduced through: libsepol@2.5-10.el7 + From: libsepol@2.5-10.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libmount + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-1940061 + Introduced through: libmount@2.23.2-65.el7 + From: libmount@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libmount + Description: Privilege Context Switching Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-1959622 + Introduced through: libmount@2.23.2-65.el7 + From: libmount@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libmount + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-2401513 + Introduced through: libmount@2.23.2-65.el7 + From: libmount@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libmount + Description: OS Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-5898174 + Introduced through: libmount@2.23.2-65.el7 + From: libmount@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcrypt + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1940446 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcrypt + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1984596 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcrypt + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1995158 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcrypt + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-2022570 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcrypt + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-2026262 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcrypt + Description: Covert Timing Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-6411288 + Introduced through: libgcrypt@1.5.3-14.el7 + From: libgcrypt@1.5.3-14.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1941609 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1990683 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1998132 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2006936 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Cross-site Scripting (XSS) + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2008630 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2011161 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2012006 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2013199 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2019988 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2028192 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libgcc + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2838422 + Introduced through: libgcc@4.8.5-44.el7 + From: libgcc@4.8.5-44.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libdb-utils + Description: CVE-2017-10140 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDBUTILS-1970172 + Introduced through: libdb-utils@5.3.21-25.el7 + From: libdb-utils@5.3.21-25.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libdb + Description: CVE-2017-10140 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDB-1973226 + Introduced through: libdb@5.3.21-25.el7 + From: libdb@5.3.21-25.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1943212 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Resource Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1967334 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969082 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969499 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969559 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969909 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1970504 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1972254 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1986353 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2012827 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2014233 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017276 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017347 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2018012 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2018654 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2177042 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:7.29.0-59.el7_9.1 + +✗ Medium severity vulnerability found in libcurl + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2804284 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2804294 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2814316 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2814342 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Release of Invalid Pointer or Reference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823575 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823589 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823597 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Improper Enforcement of Message Integrity During Transmission in a Communication Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2936573 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3179638 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367087 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367089 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367095 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-5561321 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcurl + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-6507896 + Introduced through: libcurl@7.29.0-59.el7 + From: libcurl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcom_err + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCOMERR-1941906 + Introduced through: libcom_err@1.42.9-19.el7 + From: libcom_err@1.42.9-19.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcom_err + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCOMERR-2634812 + Introduced through: libcom_err@1.42.9-19.el7 + From: libcom_err@1.42.9-19.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libcap + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCAP-5660496 + Introduced through: libcap@2.22-11.el7 + From: libcap@2.22-11.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libblkid + Description: Arbitrary Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-1942365 + Introduced through: libblkid@2.23.2-65.el7 + From: libblkid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libblkid + Description: Privilege Context Switching Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-1958357 + Introduced through: libblkid@2.23.2-65.el7 + From: libblkid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libblkid + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-2401567 + Introduced through: libblkid@2.23.2-65.el7 + From: libblkid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in libblkid + Description: OS Command Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-5898182 + Introduced through: libblkid@2.23.2-65.el7 + From: libblkid@2.23.2-65.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1933758 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1939329 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1944381 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1944450 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1945297 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1979291 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-2009947 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-2023214 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-2186809 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:1.15.1-51.el7_9 + +✗ Medium severity vulnerability found in krb5-libs + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-6335350 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: CVE-2024-37370 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-7412329 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in krb5-libs + Description: CVE-2024-37371 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-7412351 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in json-c + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-JSONC-2003602 + Introduced through: json-c@0.11-4.el7_0 + From: json-c@0.11-4.el7_0 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in gnupg2 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1941578 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in gnupg2 + Description: Improper Validation of Certificate with Host Mismatch + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1994967 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in gnupg2 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-2946186 + Introduced through: gnupg2@2.0.22-5.el7_5 + From: gnupg2@2.0.22-5.el7_5 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in gmp + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GMP-1933812 + Introduced through: gmp@1:6.0.0-15.el7 + From: gmp@1:6.0.0-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1937432 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1953639 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1957283 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1962825 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1987963 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2000064 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2005240 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2024308 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2180733 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-322.el7_9 + +✗ Medium severity vulnerability found in glibc-common + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2180746 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-322.el7_9 + +✗ Medium severity vulnerability found in glibc-common + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2183682 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-322.el7_9 + +✗ Medium severity vulnerability found in glibc-common + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2336849 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2347213 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2347573 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-5898594 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-5898616 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc-common + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-5918047 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1937915 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1951857 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1955944 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1962079 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1985907 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2001887 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2008030 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2024140 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2179918 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-322.el7_9 + +✗ Medium severity vulnerability found in glibc + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2179922 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-322.el7_9 + +✗ Medium severity vulnerability found in glibc + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2181161 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-322.el7_9 + +✗ Medium severity vulnerability found in glibc + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2336847 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2347305 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2347361 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-5898604 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-5898620 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glibc + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-5918053 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2020914 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2025120 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2833874 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2833900 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2833982 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834008 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834063 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Algorithmic Complexity + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834101 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in glib2 + Description: Improper Verification of Source of a Communication Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-6826906 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1936988 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1937612 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: CVE-2013-0341 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1937914 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1962186 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Insufficient Entropy + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1964508 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1989681 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2389213 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408789 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-3104769 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-6229966 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in expat + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-6229976 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dracut + Description: Unchecked Error Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DRACUT-1961758 + Introduced through: dracut@033-572.el7 + From: dracut@033-572.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1939853 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1940151 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: CVE-2014-3477 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1941024 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-3048532 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-3048814 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-3048896 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus-libs + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-5672429 + Introduced through: dbus-libs@1:1.10.24-15.el7 + From: dbus-libs@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: CVE-2014-3477 + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1938758 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1939720 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1940613 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-3048506 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-3048508 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-3048642 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in dbus + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-5672427 + Introduced through: dbus@1:1.10.24-15.el7 + From: dbus@1:1.10.24-15.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in cyrus-sasl-lib + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CYRUSSASLLIB-1998440 + Introduced through: cyrus-sasl-lib@2.1.26-23.el7 + From: cyrus-sasl-lib@2.1.26-23.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1944709 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1967366 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Resource Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1967384 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969470 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969497 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969951 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1970580 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1972264 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1986484 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2014293 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2014780 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2015858 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2017978 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2018604 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2018677 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2178444 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:7.29.0-59.el7_9.1 + +✗ Medium severity vulnerability found in curl + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2804286 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2804290 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2814320 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2814344 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Release of Invalid Pointer or Reference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823593 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823595 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823599 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Improper Enforcement of Message Integrity During Transmission in a Communication Channel + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2936571 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3179644 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367079 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367083 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367085 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-5561323 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in curl + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-6507898 + Introduced through: curl@7.29.0-59.el7 + From: curl@7.29.0-59.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in cpio + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-2026901 + Introduced through: cpio@2.11-28.el7 + From: cpio@2.11-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in cpio + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-6335414 + Introduced through: cpio@2.11-28.el7 + From: cpio@2.11-28.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in coreutils + Description: Privilege Context Switching Error + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1959556 + Introduced through: coreutils@8.22-24.el7 + From: coreutils@8.22-24.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1981234 + Introduced through: coreutils@8.22-24.el7 + From: coreutils@8.22-24.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985054 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985116 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992263 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2000038 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2000046 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2001208 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2005060 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2006532 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2015004 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2015986 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2188035 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.27-44.base.el7_9.1 + +✗ Medium severity vulnerability found in binutils + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2316509 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2321861 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3157253 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in binutils + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3371236 + Introduced through: binutils@2.27-44.base.el7 + From: binutils@2.27-44.base.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in bind-license + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2019001 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in bind-license + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2177821 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.2 + +✗ Medium severity vulnerability found in bind-license + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2178678 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.2 + +✗ Medium severity vulnerability found in bind-license + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2178790 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.2 + +✗ Medium severity vulnerability found in bind-license + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2187607 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.7 + +✗ Medium severity vulnerability found in bind-license + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2428885 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.13 + +✗ Medium severity vulnerability found in bind-license + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3030781 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.13 + +✗ Medium severity vulnerability found in bind-license + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3248797 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in bash + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BASH-1938975 + Introduced through: bash@4.2.46-34.el7 + From: bash@4.2.46-34.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ Medium severity vulnerability found in audit-libs + Description: Improper Neutralization of Special Elements + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-AUDITLIBS-1946701 + Introduced through: audit-libs@2.8.5-4.el7 + From: audit-libs@2.8.5-4.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ High severity vulnerability found in zlib + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ZLIB-2434395 + Introduced through: zlib@1.2.7-18.el7 + From: zlib@1.2.7-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:1.2.7-20.el7_9 + +✗ High severity vulnerability found in xz-libs + Description: Incorrect Behavior Order: Early Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-XZLIBS-2860632 + Introduced through: xz-libs@5.2.2-1.el7 + From: xz-libs@5.2.2-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:5.2.2-2.el7_9 + +✗ High severity vulnerability found in xz + Description: Incorrect Behavior Order: Early Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-XZ-2860642 + Introduced through: xz@5.2.2-1.el7 + From: xz@5.2.2-1.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:5.2.2-2.el7_9 + +✗ High severity vulnerability found in systemd-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2988603 + Introduced through: systemd-libs@219-78.el7 + From: systemd-libs@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:219-78.el7_9.7 + +✗ High severity vulnerability found in systemd + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2988609 + Introduced through: systemd@219-78.el7 + From: systemd@219-78.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:219-78.el7_9.7 + +✗ High severity vulnerability found in python3-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3335200 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.6.8-19.el7_9 + +✗ High severity vulnerability found in python3-libs + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5877088 + Introduced through: python3-libs@3.6.8-18.el7 + From: python3-libs@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.6.8-21.el7_9 + +✗ High severity vulnerability found in python3 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3335262 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.6.8-19.el7_9 + +✗ High severity vulnerability found in python3 + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5877098 + Introduced through: python3@3.6.8-18.el7 + From: python3@3.6.8-18.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.6.8-21.el7_9 + +✗ High severity vulnerability found in python-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3335320 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-93.el7_9 + +✗ High severity vulnerability found in python-libs + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5900932 + Introduced through: python-libs@2.7.5-89.el7 + From: python-libs@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-94.el7_9 + +✗ High severity vulnerability found in python + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3335164 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-93.el7_9 + +✗ High severity vulnerability found in python + Description: Authentication Bypass by Primary Weakness + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5900930 + Introduced through: python@2.7.5-89.el7 + From: python@2.7.5-89.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.7.5-94.el7_9 + +✗ High severity vulnerability found in openssl-libs + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2426991 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 1:1.0.2k-25.el7_9 + +✗ High severity vulnerability found in openssl-libs + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3316065 + Introduced through: openssl-libs@1:1.0.2k-22.el7_9 + From: openssl-libs@1:1.0.2k-22.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 1:1.0.2k-26.el7_9 + +✗ High severity vulnerability found in openssl + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2427103 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + Fixed in: 1:1.0.2k-25.el7_9 + +✗ High severity vulnerability found in openssl + Description: Incorrect Type Conversion or Cast + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3316075 + Introduced through: openssl@1:1.0.2k-22.el7_9 + From: openssl@1:1.0.2k-22.el7_9 + Image layer: 'yum install -y python36 openssl' + Fixed in: 1:1.0.2k-26.el7_9 + +✗ High severity vulnerability found in nss-tools + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-3358198 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.79.0-5.el7_9 + +✗ High severity vulnerability found in nss-tools + Description: Not Failing Securely ('Failing Open') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-5879053 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ High severity vulnerability found in nss-sysinit + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-3358184 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.79.0-5.el7_9 + +✗ High severity vulnerability found in nss-sysinit + Description: Not Failing Securely ('Failing Open') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-5879047 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ High severity vulnerability found in nss + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-3358174 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.79.0-5.el7_9 + +✗ High severity vulnerability found in nss + Description: Not Failing Securely ('Failing Open') + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-5879043 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + +✗ High severity vulnerability found in krb5-libs + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-3122120 + Introduced through: krb5-libs@1.15.1-50.el7 + From: krb5-libs@1.15.1-50.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:1.15.1-55.el7_9 + +✗ High severity vulnerability found in gzip + Description: Incorrect Behavior Order: Early Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GZIP-2445567 + Introduced through: gzip@1.5-10.el7 + From: gzip@1.5-10.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:1.5-11.el7_9 + +✗ High severity vulnerability found in glibc-common + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6640682 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc-common + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688278 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc-common + Description: Improper Check or Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688544 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc-common + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688564 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc-common + Description: Improper Check or Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688796 + Introduced through: glibc-common@2.17-317.el7 + From: glibc-common@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6640656 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688276 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc + Description: Improper Check or Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688534 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688570 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glibc + Description: Improper Check or Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688798 + Introduced through: glibc@2.17-317.el7 + From: glibc@2.17-317.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.17-326.el7_9.3 + +✗ High severity vulnerability found in glib2 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2182590 + Introduced through: glib2@2.56.1-7.el7 + From: glib2@2.56.1-7.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.56.1-9.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2360977 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2360995 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Incorrect Calculation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2360997 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361031 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361051 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361057 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361075 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361077 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361187 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Incorrect Behavior Order: Early Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408779 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408803 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Inappropriate Encoding for Output Context + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408807 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-14.el7_9 + +✗ High severity vulnerability found in expat + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-3035862 + Introduced through: expat@2.1.0-12.el7 + From: expat@2.1.0-12.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.0-15.el7_9 + +✗ High severity vulnerability found in cyrus-sasl-lib + Description: SQL Injection + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CYRUSSASLLIB-2413149 + Introduced through: cyrus-sasl-lib@2.1.26-23.el7 + From: cyrus-sasl-lib@2.1.26-23.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:2.1.26-24.el7_9 + +✗ High severity vulnerability found in bind-license + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2181405 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.4 + +✗ High severity vulnerability found in bind-license + Description: Reachable Assertion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2182551 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.5 + +✗ High severity vulnerability found in bind-license + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3030795 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.10 + +✗ High severity vulnerability found in bind-license + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3030853 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.10 + +✗ High severity vulnerability found in bind-license + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-5733729 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.14 + +✗ High severity vulnerability found in bind-license + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-5913813 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.15 + +✗ High severity vulnerability found in bind-license + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-6246244 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.16 + +✗ High severity vulnerability found in bind-license + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-6246312 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.16 + +✗ High severity vulnerability found in bind-license + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-6246418 + Introduced through: bind-license@32:9.11.4-26.P2.el7 + From: bind-license@32:9.11.4-26.P2.el7 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 32:9.11.4-26.P2.el7_9.16 + +✗ Critical severity vulnerability found in nss-tools + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2308139 + Introduced through: nss-tools@3.53.1-3.el7_9 + From: nss-tools@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.67.0-4.el7_9 + +✗ Critical severity vulnerability found in nss-sysinit + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2308141 + Introduced through: nss-sysinit@3.53.1-3.el7_9 + From: nss-sysinit@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.67.0-4.el7_9 + +✗ Critical severity vulnerability found in nss + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2308137 + Introduced through: nss@3.53.1-3.el7_9 + From: nss@3.53.1-3.el7_9 + Image layer: Introduced by your base image (centos:7.9.2009) + Fixed in: 0:3.67.0-4.el7_9 + + + +Organization: bhavdeep1304 +Package manager: rpm +Project name: docker-image|crate/crate +Docker image: crate/crate:4.6.6 +Platform: linux/amd64 +Base image: centos:7.9.2009 +Licenses: enabled + +Tested 156 dependencies for known issues, found 1221 issues. + +Base Image Vulnerabilities Severity +centos:7.9.2009 1133 3 critical, 54 high, 505 medium, 571 low + +Recommendations for base image upgrade: + +Major upgrades +Base Image Vulnerabilities Severity +centos:centos8 644 0 critical, 83 high, 328 medium, 233 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/jdk/lib +Project name: crate/crate:4.6.6:/crate/jdk/lib +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Tested 72 dependencies for known issues, found 69 issues. + + +Issues to fix by upgrading: + + Upgrade com.amazonaws:aws-java-sdk-s3@1.11.1021 to com.amazonaws:aws-java-sdk-s3@1.12.760 to fix + ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMAMAZONAWS-2952700] in com.amazonaws:aws-java-sdk-s3@1.11.1021 + introduced by com.amazonaws:aws-java-sdk-s3@1.11.1021 + + Upgrade com.fasterxml.jackson.core:jackson-databind@2.11.0 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix + ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.11.0 + introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 + ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.11.0 + introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 + ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.11.0 + introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.11.0 + introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 + + Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.0 to com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.4 to fix + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329] in com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.0 + introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.0 + + Upgrade com.google.guava:guava@30.0-jre to com.google.guava:guava@32.0.0-jre to fix + ✗ Creation of Temporary File in Directory with Insecure Permissions [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356] in com.google.guava:guava@30.0-jre + introduced by com.google.guava:guava@30.0-jre + + Upgrade commons-codec:commons-codec@1.10 to commons-codec:commons-codec@1.13 to fix + ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10 + introduced by commons-codec:commons-codec@1.10 + + Upgrade io.netty:netty-codec@4.1.65.Final to io.netty:netty-codec@4.1.68.Final to fix + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584063] in io.netty:netty-codec@4.1.65.Final + introduced by io.netty:netty-codec@4.1.65.Final + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584064] in io.netty:netty-codec@4.1.65.Final + introduced by io.netty:netty-codec@4.1.65.Final + + Upgrade io.netty:netty-codec-http@4.1.65.Final to io.netty:netty-codec-http@4.1.108.Final to fix + ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812] in io.netty:netty-codec-http@4.1.65.Final + introduced by io.netty:netty-codec-http@4.1.65.Final + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-2314893] in io.netty:netty-codec-http@4.1.65.Final + introduced by io.netty:netty-codec-http@4.1.65.Final + + Upgrade io.netty:netty-common@4.1.65.Final to io.netty:netty-common@4.1.77.Final to fix + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-2812456] in io.netty:netty-common@4.1.65.Final + introduced by io.netty:netty-common@4.1.65.Final + + Upgrade io.netty:netty-handler@4.1.65.Final to io.netty:netty-handler@4.1.94.Final to fix + ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-5725787] in io.netty:netty-handler@4.1.65.Final + introduced by io.netty:netty-handler@4.1.65.Final + + Upgrade org.apache.httpcomponents:httpclient@4.5.12 to org.apache.httpcomponents:httpclient@4.5.13 to fix + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.12 + introduced by org.apache.httpcomponents:httpclient@4.5.12 + + Upgrade org.apache.logging.log4j:log4j-core@2.15.0 to org.apache.logging.log4j:log4j-core@2.17.1 to fix + ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339] in org.apache.logging.log4j:log4j-core@2.15.0 + introduced by org.apache.logging.log4j:log4j-core@2.15.0 + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524] in org.apache.logging.log4j:log4j-core@2.15.0 + introduced by org.apache.logging.log4j:log4j-core@2.15.0 + ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014] in org.apache.logging.log4j:log4j-core@2.15.0 + introduced by org.apache.logging.log4j:log4j-core@2.15.0 + + Upgrade org.graalvm.sdk:graal-sdk@21.1.0 to org.graalvm.sdk:graal-sdk@21.3.10 to fix + ✗ Denial of Service (DoS) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6616648] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Access Control [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6616653] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Privilege Management [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6160948] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6252366] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Access Control Bypass [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6252368] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Denial of Service (DoS) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781367] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Access Restriction Bypass [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781369] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781371] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781373] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Access Restriction Bypass [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781378] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457921] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Neutralization of Null Byte or NUL Character [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Remote Code Execution (RCE) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457931] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Deserialization of Untrusted Data [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343470] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Timing Attack [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-1766242] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164695] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164698] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Insertion of Sensitive Information into Log File [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164701] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164710] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Access Control [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781374] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457925] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457927] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457929] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Out-of-bounds Write [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343466] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343474] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343477] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343487] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343490] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343493] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Infinite loop [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346391] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346393] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Integer Overflow or Wraparound [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346395] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346397] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Uncaught Exception [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346426] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346453] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Integer Overflow or Wraparound [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346571] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2347581] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Access Control [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-1765539] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Access Restriction Bypass [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-1766172] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Covert Timing Channel [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6162757] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Privilege Management [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6163607] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Improper Privilege Management [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164703] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + ✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457933] in org.graalvm.sdk:graal-sdk@21.1.0 + introduced by org.graalvm.sdk:graal-sdk@21.1.0 + + Upgrade org.yaml:snakeyaml@1.26 to org.yaml:snakeyaml@2.0 to fix + ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-6056527] in org.yaml:snakeyaml@1.26 + introduced by org.yaml:snakeyaml@1.26 + + +Issues with no direct upgrade or patch: + ✗ Allocation of Resources Without Limits or Throttling [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-SOFTWAREAMAZONION-6153869] in software.amazon.ion:ion-java@1.0.2 + introduced by software.amazon.ion:ion-java@1.0.2 + No upgrade or patch available + + + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/lib +Project name: crate/crate:4.6.6:/crate/lib +Docker image: crate/crate:4.6.6 +Licenses: enabled + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test crate/crate:4.6.6 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/azure-discovery +Project name: crate/crate:4.6.6:/crate/plugins/azure-discovery +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/es-analysis-common +Project name: crate/crate:4.6.6:/crate/plugins/es-analysis-common +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/es-analysis-phonetic +Project name: crate/crate:4.6.6:/crate/plugins/es-analysis-phonetic +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested 1 dependencies for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/es-repository-azure +Project name: crate/crate:4.6.6:/crate/plugins/es-repository-azure +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested 2 dependencies for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Tested 9 dependencies for known issues, found 13 issues. + + +Issues to fix by upgrading: + + Upgrade com.google.protobuf:protobuf-java@2.5.0 to com.google.protobuf:protobuf-java@3.16.3 to fix + ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284] in com.google.protobuf:protobuf-java@2.5.0 + introduced by com.google.protobuf:protobuf-java@2.5.0 + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772] in com.google.protobuf:protobuf-java@2.5.0 + introduced by com.google.protobuf:protobuf-java@2.5.0 + ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703] in com.google.protobuf:protobuf-java@2.5.0 + introduced by com.google.protobuf:protobuf-java@2.5.0 + ✗ Integer Overflow [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-173761] in com.google.protobuf:protobuf-java@2.5.0 + introduced by com.google.protobuf:protobuf-java@2.5.0 + + Upgrade org.apache.hadoop:hadoop-common@2.8.1 to org.apache.hadoop:hadoop-common@2.10.2 to fix + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-1014640] in org.apache.hadoop:hadoop-common@2.8.1 + introduced by org.apache.hadoop:hadoop-common@2.8.1 + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-461004] in org.apache.hadoop:hadoop-common@2.8.1 + introduced by org.apache.hadoop:hadoop-common@2.8.1 + ✗ Arbitrary File Write via Archive Extraction (Zip Slip) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-2443177] in org.apache.hadoop:hadoop-common@2.8.1 + introduced by org.apache.hadoop:hadoop-common@2.8.1 + ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-2975400] in org.apache.hadoop:hadoop-common@2.8.1 + introduced by org.apache.hadoop:hadoop-common@2.8.1 + ✗ Arbitrary File Write via Archive Extraction (Zip Slip) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-174573] in org.apache.hadoop:hadoop-common@2.8.1 + introduced by org.apache.hadoop:hadoop-common@2.8.1 + + Upgrade org.apache.hadoop:hadoop-hdfs@2.8.1 to org.apache.hadoop:hadoop-hdfs@3.3.2 to fix + ✗ XML External Entity Injection (XXE) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-2329722] in org.apache.hadoop:hadoop-hdfs@2.8.1 + introduced by org.apache.hadoop:hadoop-hdfs@2.8.1 + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-461002] in org.apache.hadoop:hadoop-hdfs@2.8.1 + introduced by org.apache.hadoop:hadoop-hdfs@2.8.1 + + Upgrade org.apache.hadoop:hadoop-hdfs-client@2.8.1 to org.apache.hadoop:hadoop-hdfs-client@3.3.5 to fix + ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-3034197] in org.apache.hadoop:hadoop-hdfs-client@2.8.1 + introduced by org.apache.hadoop:hadoop-hdfs-client@2.8.1 + ✗ Access Restriction Bypass [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-1065272] in org.apache.hadoop:hadoop-hdfs-client@2.8.1 + introduced by org.apache.hadoop:hadoop-hdfs-client@2.8.1 + + + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/es-repository-hdfs +Project name: crate/crate:4.6.6:/crate/plugins/es-repository-hdfs +Docker image: crate/crate:4.6.6 +Licenses: enabled + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test crate/crate:4.6.6 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/functions +Project name: crate/crate:4.6.6:/crate/plugins/functions +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/jmx-monitoring +Project name: crate/crate:4.6.6:/crate/plugins/jmx-monitoring +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing crate/crate:4.6.6... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /crate/plugins/lang-js +Project name: crate/crate:4.6.6:/crate/plugins/lang-js +Docker image: crate/crate:4.6.6 +Licenses: enabled + +✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. + + +Tested 11 projects, 3 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/dpage_pgadmin4_7.1.md b/Snyk/scan_results/dpage_pgadmin4_7.1.md new file mode 100644 index 0000000..e2af8ac --- /dev/null +++ b/Snyk/scan_results/dpage_pgadmin4_7.1.md @@ -0,0 +1,340 @@ +**Scanning dpage/pgadmin4:7.1** +``` + +Testing dpage/pgadmin4:7.1... + +✗ Low severity vulnerability found in python3/python3 + Description: CVE-2023-6597 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-PYTHON3-6479006 + Introduced through: python3/python3@3.10.11-r0, py3-parsing/py3-parsing@3.0.9-r0, py3-packaging/py3-packaging@21.3-r2, py3-retrying/py3-retrying@1.3.3-r3, py3-setuptools/py3-setuptools@65.6.0-r0, py3-pip/py3-pip@22.3.1-r1, py3-six/py3-six@1.16.0-r3 + From: python3/python3@3.10.11-r0 + From: py3-parsing/py3-parsing@3.0.9-r0 > python3/python3@3.10.11-r0 + From: py3-packaging/py3-packaging@21.3-r2 > python3/python3@3.10.11-r0 + and 4 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.10.14-r0 + +✗ Low severity vulnerability found in python3/python3 + Description: CVE-2024-0450 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-PYTHON3-6479007 + Introduced through: python3/python3@3.10.11-r0, py3-parsing/py3-parsing@3.0.9-r0, py3-packaging/py3-packaging@21.3-r2, py3-retrying/py3-retrying@1.3.3-r3, py3-setuptools/py3-setuptools@65.6.0-r0, py3-pip/py3-pip@22.3.1-r1, py3-six/py3-six@1.16.0-r3 + From: python3/python3@3.10.11-r0 + From: py3-parsing/py3-parsing@3.0.9-r0 > python3/python3@3.10.11-r0 + From: py3-packaging/py3-packaging@21.3-r2 > python3/python3@3.10.11-r0 + and 4 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.10.14-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2023-6237 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6160001 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.12-r3 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6593966 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.12-r5 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-4603 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6928856 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.13-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.14-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.14-r0 + +✗ Low severity vulnerability found in libcap/libcap-utils + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-LIBCAP-5537076 + Introduced through: libcap/libcap-utils@2.66-r0, libcap/libcap@2.66-r0, libcap/libcap2@2.66-r0 + From: libcap/libcap-utils@2.66-r0 + From: libcap/libcap@2.66-r0 > libcap/libcap-utils@2.66-r0 + From: libcap/libcap2@2.66-r0 + and 3 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 2.66-r1 + +✗ Low severity vulnerability found in expat/libexpat + Description: CVE-2024-28757 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-EXPAT-6446349 + Introduced through: expat/libexpat@2.5.0-r0, python3/python3@3.10.11-r0 + From: expat/libexpat@2.5.0-r0 + From: python3/python3@3.10.11-r0 > expat/libexpat@2.5.0-r0 + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 2.6.2-r0 + +✗ Medium severity vulnerability found in python3/python3 + Description: CVE-2023-40217 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-PYTHON3-5862616 + Introduced through: python3/python3@3.10.11-r0, py3-parsing/py3-parsing@3.0.9-r0, py3-packaging/py3-packaging@21.3-r2, py3-retrying/py3-retrying@1.3.3-r3, py3-setuptools/py3-setuptools@65.6.0-r0, py3-pip/py3-pip@22.3.1-r1, py3-six/py3-six@1.16.0-r3 + From: python3/python3@3.10.11-r0 + From: py3-parsing/py3-parsing@3.0.9-r0 > python3/python3@3.10.11-r0 + From: py3-packaging/py3-packaging@21.3-r2 > python3/python3@3.10.11-r0 + and 4 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.10.13-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5438697 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.8-r4 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5661570 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.9-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5776809 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.9-r2 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5788365 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.9-r3 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5821141 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.10-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6095780 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.12-r1 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6148880 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.12-r2 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6191691 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.12-r4 + +✗ Medium severity vulnerability found in krb5/krb5-libs + Description: Access of Uninitialized Pointer + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-KRB5-7413637 + Introduced through: krb5/krb5-libs@1.20.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: krb5/krb5-libs@1.20.1-r0 + From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.20.1-r0 + Image layer: Introduced by your base image (alpine:3.17.3) + Fixed in: 1.20.2-r0 + +✗ Medium severity vulnerability found in expat/libexpat + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-EXPAT-6241041 + Introduced through: expat/libexpat@2.5.0-r0, python3/python3@3.10.11-r0 + From: expat/libexpat@2.5.0-r0 + From: python3/python3@3.10.11-r0 > expat/libexpat@2.5.0-r0 + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 2.6.0-r0 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-6913412 + Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 + From: busybox/busybox@1.35.0-r29 + From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 + From: busybox/busybox-binsh@1.35.0-r29 + and 5 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 1.35.0-r30 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-7254940 + Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 + From: busybox/busybox@1.35.0-r29 + From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 + From: busybox/busybox-binsh@1.35.0-r29 + and 5 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 1.35.0-r31 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-7254941 + Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 + From: busybox/busybox@1.35.0-r29 + From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 + From: busybox/busybox-binsh@1.35.0-r29 + and 5 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 1.35.0-r31 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-7254942 + Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 + From: busybox/busybox@1.35.0-r29 + From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 + From: busybox/busybox-binsh@1.35.0-r29 + and 5 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 1.35.0-r31 + +✗ High severity vulnerability found in sqlite/sqlite-libs + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-SQLITE-6179510 + Introduced through: sqlite/sqlite-libs@3.40.1-r0, python3/python3@3.10.11-r0 + From: sqlite/sqlite-libs@3.40.1-r0 + From: python3/python3@3.10.11-r0 > sqlite/sqlite-libs@3.40.1-r0 + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.40.1-r1 + +✗ High severity vulnerability found in openssl/libcrypto3 + Description: CVE-2023-5363 + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6032385 + Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto3@3.0.8-r3 + From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 + From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 + and 12 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 3.0.12-r0 + +✗ High severity vulnerability found in ncurses/ncurses-libs + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-NCURSES-5606599 + Introduced through: ncurses/ncurses-libs@6.3_p20221119-r0, libedit/libedit@20221030.3.1-r0, python3/python3@3.10.11-r0, readline/readline@8.2.0-r0, ncurses/ncurses-terminfo-base@6.3_p20221119-r0 + From: ncurses/ncurses-libs@6.3_p20221119-r0 + From: libedit/libedit@20221030.3.1-r0 > ncurses/ncurses-libs@6.3_p20221119-r0 + From: python3/python3@3.10.11-r0 > ncurses/ncurses-libs@6.3_p20221119-r0 + and 3 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 6.3_p20221119-r1 + +✗ High severity vulnerability found in libcap/libcap-utils + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-LIBCAP-5537075 + Introduced through: libcap/libcap-utils@2.66-r0, libcap/libcap@2.66-r0, libcap/libcap2@2.66-r0 + From: libcap/libcap-utils@2.66-r0 + From: libcap/libcap@2.66-r0 > libcap/libcap-utils@2.66-r0 + From: libcap/libcap2@2.66-r0 + and 3 more... + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 2.66-r1 + +✗ High severity vulnerability found in expat/libexpat + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-ALPINE317-EXPAT-6241042 + Introduced through: expat/libexpat@2.5.0-r0, python3/python3@3.10.11-r0 + From: expat/libexpat@2.5.0-r0 + From: python3/python3@3.10.11-r0 > expat/libexpat@2.5.0-r0 + Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' + Fixed in: 2.6.0-r0 + + + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|dpage/pgadmin4 +Docker image: dpage/pgadmin4:7.1 +Platform: linux/amd64 +Base image: alpine:3.17.3 +Licenses: enabled + +Tested 53 dependencies for known issues, found 29 issues. + +Base Image Vulnerabilities Severity +alpine:3.17.3 18 0 critical, 1 high, 12 medium, 5 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +alpine:3 1 0 critical, 0 high, 0 medium, 1 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` diff --git a/Snyk/scan_results/eclipse-mosquitto_2.0.14.md b/Snyk/scan_results/eclipse-mosquitto_2.0.14.md new file mode 100644 index 0000000..f8267e5 --- /dev/null +++ b/Snyk/scan_results/eclipse-mosquitto_2.0.14.md @@ -0,0 +1,92 @@ +**Scanning eclipse-mosquitto:2.0.14** +``` + +Testing eclipse-mosquitto:2.0.14... + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314652 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Fixed in: 1.1.1t-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-5291791 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Fixed in: 1.1.1t-r2 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314637 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Fixed in: 1.1.1t-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314646 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Fixed in: 1.1.1t-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314653 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Fixed in: 1.1.1t-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3368739 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Fixed in: 1.1.1t-r1 + + + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|eclipse-mosquitto +Docker image: eclipse-mosquitto:2.0.14 +Platform: linux/amd64 +Base image: alpine:3.14.8 +Licenses: enabled + +Tested 20 dependencies for known issues, found 6 issues. + +Base Image Vulnerabilities Severity +alpine:3.14.8 6 0 critical, 4 high, 2 medium, 0 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +alpine:3 1 0 critical, 0 high, 0 medium, 1 low + +Alpine 3.14.8 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates. + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` diff --git a/Snyk/scan_results/eclipse-mosquitto_2.0.15.md b/Snyk/scan_results/eclipse-mosquitto_2.0.15.md new file mode 100644 index 0000000..3b01709 --- /dev/null +++ b/Snyk/scan_results/eclipse-mosquitto_2.0.15.md @@ -0,0 +1,190 @@ +**Scanning eclipse-mosquitto:2.0.15** +``` + +Testing eclipse-mosquitto:2.0.15... + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2023-6237 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6160000 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.4-r4 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.4-r6 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-4603 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6928857 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.5-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.6-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.6-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.4-r1 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6152404 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.4-r3 + +✗ Medium severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6191692 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.4-r5 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-6913411 + Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 + From: busybox/busybox@1.36.1-r2 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 + From: busybox/busybox-binsh@1.36.1-r2 + and 3 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 1.36.1-r6 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249236 + Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 + From: busybox/busybox@1.36.1-r2 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 + From: busybox/busybox-binsh@1.36.1-r2 + and 3 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 1.36.1-r7 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249265 + Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 + From: busybox/busybox@1.36.1-r2 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 + From: busybox/busybox-binsh@1.36.1-r2 + and 3 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 1.36.1-r7 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249419 + Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 + From: busybox/busybox@1.36.1-r2 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 + From: busybox/busybox-binsh@1.36.1-r2 + and 3 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 1.36.1-r7 + +✗ High severity vulnerability found in openssl/libcrypto3 + Description: CVE-2023-5363 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386 + Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 + From: openssl/libcrypto3@3.1.2-r0 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 + From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 + and 5 more... + Image layer: 'apk --no-cache add ca-certificates cjson libressl' + Fixed in: 3.1.4-r0 + +✗ High severity vulnerability found in cjson/cjson + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-CJSON-6156886 + Introduced through: cjson/cjson@1.7.15-r4 + From: cjson/cjson@1.7.15-r4 + Image layer: 'apk --no-cache add --virtual build-deps build-base cmake cjson-dev gnupg libressl-dev linux-headers util-linux-dev' + Fixed in: 1.7.17-r0 + +✗ High severity vulnerability found in cjson/cjson + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-CJSON-6156890 + Introduced through: cjson/cjson@1.7.15-r4 + From: cjson/cjson@1.7.15-r4 + Image layer: 'apk --no-cache add --virtual build-deps build-base cmake cjson-dev gnupg libressl-dev linux-headers util-linux-dev' + Fixed in: 1.7.17-r0 + + + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|eclipse-mosquitto +Docker image: eclipse-mosquitto:2.0.15 +Platform: linux/amd64 +Base image: alpine:3.18.3 +Licenses: enabled + +Tested 21 dependencies for known issues, found 15 issues. + +Base Image Vulnerabilities Severity +alpine:3.18.3 13 0 critical, 1 high, 7 medium, 5 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +alpine:3 1 0 critical, 0 high, 0 medium, 1 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` diff --git a/Snyk/scan_results/fiware_iotagent-json_1.26.0.md b/Snyk/scan_results/fiware_iotagent-json_1.26.0.md new file mode 100644 index 0000000..e409d68 --- /dev/null +++ b/Snyk/scan_results/fiware_iotagent-json_1.26.0.md @@ -0,0 +1,1022 @@ +**Scanning fiware/iotagent-json:1.26.0** +``` + +Testing fiware/iotagent-json:1.26.0... + +✗ Low severity vulnerability found in util-linux/libuuid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + +✗ Low severity vulnerability found in util-linux/libuuid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-6508628 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + Fixed in: 2.33.1-0.1+deb10u1 + +✗ Low severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: CVE-2023-39804 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + Fixed in: 1.30+dfsg-6+deb10u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Privilege Chaining + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 + Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 + From: pam/libpam0g@1.3.1-5 + From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 + From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 + and 11 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 7 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 7 more... + +✗ Low severity vulnerability found in lz4/liblz4-1 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 + Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 + From: lz4/liblz4-1@1.8.3-1+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 + +✗ Low severity vulnerability found in libtasn1-6 + Description: CVE-2018-1000654 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 + Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 + From: libtasn1-6@4.13-3 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libseccomp/libseccomp2 + Description: CVE-2019-9893 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 + Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 + From: libseccomp/libseccomp2@2.3.3-4 + From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 + +✗ Low severity vulnerability found in libidn2/libidn2-0 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 + Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 + From: libidn2/libidn2-0@2.0.5-1+deb10u1 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u9 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 + Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 + From: gnupg2/gpgv@2.2.12-1+deb10u2 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 + Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 + From: gnupg2/gpgv@2.2.12-1+deb10u2 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6617101 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + Fixed in: 2.28-10+deb10u3 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673956 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673957 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673966 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673971 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in gcc-8/libstdc++6 + Description: Insufficient Entropy + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Low severity vulnerability found in gcc-8/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Low severity vulnerability found in e2fsprogs/libcom-err2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 + Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 + From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + and 5 more... + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 + Introduced through: coreutils@8.30-3 + From: coreutils@8.30-3 + +✗ Low severity vulnerability found in coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 + Introduced through: coreutils@8.30-3 + From: coreutils@8.30-3 + +✗ Low severity vulnerability found in bash + Description: Improper Check for Dropped Privileges + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 + Introduced through: bash@5.0-4 + From: bash@5.0-4 + +✗ Low severity vulnerability found in apt/libapt-pkg5.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 + Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 + From: apt/libapt-pkg5.0@1.8.2.3 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 + From: apt@1.8.2.3 + +✗ Medium severity vulnerability found in util-linux/libuuid1 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + Fixed in: 2.33.1-0.1+deb10u1 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + Fixed in: 241-7~deb10u10 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: CVE-2022-4415 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ Medium severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 7 more... + Fixed in: 6.1+20181013-2+deb10u4 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u9 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 + Fixed in: 3.6.7-4+deb10u11 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-26604 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + Fixed in: 241-7~deb10u9 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 + Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 + From: systemd/libsystemd0@241-7~deb10u8 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 + and 4 more... + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 7 more... + Fixed in: 6.1+20181013-2+deb10u5 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 7 more... + Fixed in: 6.1+20181013-2+deb10u5 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u9 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 + Fixed in: 3.6.7-4+deb10u10 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u9 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 + Fixed in: 3.6.7-4+deb10u12 + +✗ High severity vulnerability found in glibc/libc-bin + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ High severity vulnerability found in gcc-8/libstdc++6 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 + From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 + +✗ Critical severity vulnerability found in libtasn1-6 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 + Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 + From: libtasn1-6@4.13-3 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 + Fixed in: 4.13-3+deb10u1 + +✗ Critical severity vulnerability found in db5.3/libdb5.3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 + Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 + From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 + +------------ Detected 39 vulnerabilities for node@16.19.0 ------------ + + +✗ Low severity vulnerability found in node + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Low severity vulnerability found in node + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Low severity vulnerability found in node + Description: Insecure Randomness + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Low severity vulnerability found in node + Description: Permissive Cross-domain Policy with Untrusted Domains + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.19.1, 20.11.1, 21.6.2 + +✗ Low severity vulnerability found in node + Description: Authorization Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430907 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 20.15.1, 22.4.1 + +✗ Low severity vulnerability found in node + Description: Authorization Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430909 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 20.15.1, 22.4.1 + +✗ Low severity vulnerability found in node + Description: Improper Handling of Values + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430912 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 20.15.1, 22.4.1 + +✗ Medium severity vulnerability found in node + Description: Timing Attack + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Privilege Escalation + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ Medium severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: Inconsistency Between Implementation and Documented Design + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1, 18.16.1, 20.3.1 + +✗ Medium severity vulnerability found in node + Description: Buffer Over-read + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: Insecure Randomness + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: Buffer Underwrite (Buffer Underflow) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: Privilege Escalation + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ Medium severity vulnerability found in node + Description: Improper Access Control + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.2 + +✗ Medium severity vulnerability found in node + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.2 + +✗ Medium severity vulnerability found in node + Description: Observable Timing Discrepancy + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.19.1, 20.11.1, 21.6.2 + +✗ Medium severity vulnerability found in node + Description: HTTP Request Smuggling + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6564550 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.20.1, 20.12.1, 21.7.2 + +✗ Medium severity vulnerability found in node + Description: Improper Control of Generation of Code ('Code Injection') + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430900 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.20.4, 20.15.1, 22.4.1 + +✗ Medium severity vulnerability found in node + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430905 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.20.4, 20.15.1, 22.4.1 + +✗ High severity vulnerability found in node + Description: Insecure Permissions + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ High severity vulnerability found in node + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ High severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ High severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.19.1 + +✗ High severity vulnerability found in node + Description: Prototype Pollution + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ High severity vulnerability found in node + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.1 + +✗ High severity vulnerability found in node + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 16.20.2 + +✗ High severity vulnerability found in node + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.19.1, 20.11.1, 21.6.2 + +✗ High severity vulnerability found in node + Description: Code Injection + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.19.1, 20.11.1, 21.6.2 + +✗ High severity vulnerability found in node + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6564548 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.20.1, 20.12.1, 21.7.2 + +✗ High severity vulnerability found in node + Description: Improper Control of Generation of Code ('Code Injection') + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6615824 + Introduced through: node@16.19.0 + From: node@16.19.0 + Fixed in: 18.20.2, 20.12.2, 21.7.3 + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|fiware/iotagent-json +Docker image: fiware/iotagent-json:1.26.0 +Platform: linux/amd64 +Licenses: enabled + +Tested 85 dependencies for known issues, found 128 issues. + +Debian 10 is no longer supported by the Debian maintainers. Vulnerability detection may be affected by a lack of security updates. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test fiware/iotagent-json:1.26.0 --file=path/to/Dockerfile + +To remove this message in the future, please run `snyk config set disableSuggestions=true` + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing fiware/iotagent-json:1.26.0... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /opt/iotagent-json/node_modules/JSV/jsdoc-toolkit/java/classes +Project name: fiware/iotagent-json:1.26.0:/opt/iotagent-json/node_modules/JSV/jsdoc-toolkit/java/classes +Docker image: fiware/iotagent-json:1.26.0 +Licenses: enabled + +✔ Tested fiware/iotagent-json:1.26.0 for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing fiware/iotagent-json:1.26.0... + +Organization: bhavdeep1304 +Package manager: maven +Target file: /opt/iotagent-json/node_modules/JSV/jsdoc-toolkit +Project name: fiware/iotagent-json:1.26.0:/opt/iotagent-json/node_modules/JSV/jsdoc-toolkit +Docker image: fiware/iotagent-json:1.26.0 +Licenses: enabled + +✔ Tested fiware/iotagent-json:1.26.0 for known issues, no vulnerable paths found. + + +Tested 3 projects, 1 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/fiware_orion_3.7.0.md b/Snyk/scan_results/fiware_orion_3.7.0.md new file mode 100644 index 0000000..7d812a7 --- /dev/null +++ b/Snyk/scan_results/fiware_orion_3.7.0.md @@ -0,0 +1,2330 @@ +**Scanning fiware/orion:3.7.0** +``` + +Testing fiware/orion:3.7.0... + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081 + Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u3, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 + From: util-linux/libblkid1@2.36.1-8+deb11u1 + From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 + From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 + and 16 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-6508632 + Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u3, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 + From: util-linux/libblkid1@2.36.1-8+deb11u1 + From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 + From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 + and 16 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.36.1-8+deb11u2 + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2434417 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Improper Resource Shutdown or Release + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2440571 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-514595 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-516778 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-518574 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-520936 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-531474 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5416363 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5425904 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5673712 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5724641 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747597 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5749339 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5750143 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5767900 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5773188 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5853001 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6079927 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6084515 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190609 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190787 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-523480 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in tar + Description: CVE-2023-39804 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-6120424 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 1.34+dfsg-1+deb11u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733387 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733391 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733392 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6137713 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277512 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5423922 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5879152 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-532614 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489185 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489191 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pcre2/libpcre2-8-0 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-5788325 + Introduced through: pcre2/libpcre2-8-0@10.36-2 + From: pcre2/libpcre2-8-0@10.36-2 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PAM-6178915 + Introduced through: pam/libpam0g@1.4.0-9+deb11u1, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1, adduser@3.118, pam/libpam-modules-bin@1.4.0-9+deb11u1, pam/libpam-modules@1.4.0-9+deb11u1, pam/libpam-runtime@1.4.0-9+deb11u1 + From: pam/libpam0g@1.4.0-9+deb11u1 + From: shadow/login@1:4.8.1-1 > pam/libpam0g@1.4.0-9+deb11u1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > pam/libpam0g@1.4.0-9+deb11u1 + and 11 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6048819 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6190224 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6592093 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7151355 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7411351 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-521320 + Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531344 + Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Cryptographic Issues + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531747 + Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-5660622 + Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-584937 + Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in nghttp2/libnghttp2-14 + Description: CVE-2024-28182 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-6541750 + Introduced through: curl@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > nghttp2/libnghttp2-14@1.43.0-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6123820 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6252771 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libzstd/libzstd1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBZSTD-5406388 + Introduced through: libzstd/libzstd1@1.4.8+dfsg-2.1, apt@2.2.4, glibc/libc-devtools@2.31-13+deb11u3 + From: libzstd/libzstd1@1.4.8+dfsg-2.1 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libzstd/libzstd1@1.4.8+dfsg-2.1 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > systemd/libsystemd0@247.3-7 > libzstd/libzstd1@1.4.8+dfsg-2.1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in libpng1.6/libpng16-16 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-2363923 + Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u3 + From: libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 > libpng1.6/libpng16-16@1.6.37-3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libpng1.6/libpng16-16 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-529373 + Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u3 + From: libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 > libpng1.6/libpng16-16@1.6.37-3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libjpeg-turbo/libjpeg62-turbo + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBJPEGTURBO-2932112 + Introduced through: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4, glibc/libc-devtools@2.31-13+deb11u3 + From: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgd2/libgd3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1536763 + Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u3 + From: libgd2/libgd3@2.3.0-2 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgd2/libgd3 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1570130 + Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u3 + From: libgd2/libgd3@2.3.0-2 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgd2/libgd3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1583889 + Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u3 + From: libgd2/libgd3@2.3.0-2 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892 + Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 > libgcrypt20@1.8.7-6 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947 + Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 > libgcrypt20@1.8.7-6 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-6405987 + Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 > libgcrypt20@1.8.7-6 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-26462 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277413 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-26461 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277418 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-26458 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277420 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-37371 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u5 + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-37370 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411320 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u5 + +✗ Low severity vulnerability found in jbigkit/libjbig0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-JBIGKIT-514977 + Introduced through: jbigkit/libjbig0@2.1-3.1+b2, glibc/libc-devtools@2.31-13+deb11u3 + From: jbigkit/libjbig0@2.1-3.1+b2 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > jbigkit/libjbig0@2.1-3.1+b2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Uncaught Exception + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474582 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474587 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-3330745 + Introduced through: gnupg2/gpgv@2.2.27-2+deb11u1, apt@2.2.4 + From: gnupg2/gpgv@2.2.27-2+deb11u1 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6617104 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u9 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673955 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673958 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673967 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673973 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in gcc-9/gcc-9-base + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC9-5901306 + Introduced through: gcc-9/gcc-9-base@9.3.0-22 + From: gcc-9/gcc-9-base@9.3.0-22 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in gcc-10/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC10-5901313 + Introduced through: apt@2.2.4, boost1.74/libboost-thread1.74.0@1.74.0-9, icu/libicu67@67.1-7, gcc-10/gcc-10-base@10.2.1-6, gcc-10/libgcc-s1@10.2.1-6 + From: apt@2.2.4 > gcc-10/libstdc++6@10.2.1-6 + From: boost1.74/libboost-thread1.74.0@1.74.0-9 > gcc-10/libstdc++6@10.2.1-6 + From: icu/libicu67@67.1-7 > gcc-10/libstdc++6@10.2.1-6 + and 3 more... + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in freetype/libfreetype6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2848681 + Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 + From: freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-524217 + Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 + From: expat/libexpat1@2.2.10-2+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227594 + Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 + From: expat/libexpat1@2.2.10-2+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227598 + Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 + From: expat/libexpat1@2.2.10-2+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: CVE-2024-28757 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6420594 + Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 + From: expat/libexpat1@2.2.10-2+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in e2fsprogs/libcom-err2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459 + Introduced through: e2fsprogs@1.46.2-2, curl@7.74.0-1.3+deb11u1, e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2 + From: e2fsprogs@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 + From: e2fsprogs@1.46.2-2 > e2fsprogs/libss2@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > e2fsprogs/libcom-err2@1.46.2-2 + and 8 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in db5.3/libdb5.3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168 + Introduced through: adduser@3.118, curl@7.74.0-1.3+deb11u1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1+deb11u1 > cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Missing Initialization of Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1296884 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Use of Incorrectly-Resolved Name or Reference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322658 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322659 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322667 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2022-35252 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3012384 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u3 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561869 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2023-28322 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561885 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u9 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2023-38546 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955029 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u10 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2398 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501704 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u12 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2379 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501711 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in coreutils/coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776 + Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 + From: coreutils/coreutils@8.32-4+b1 + From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in coreutils/coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269 + Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 + From: coreutils/coreutils@8.32-4+b1 + From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in bash/bash + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361 + Introduced through: bash/bash@5.1-2+b3 + From: bash/bash@5.1-2+b3 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Low severity vulnerability found in apt/libapt-pkg6.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-APT-522585 + Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4 + From: apt/libapt-pkg6.0@2.2.4 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 + From: apt@2.2.4 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2774162 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2774167 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2823289 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2823291 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938519 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938520 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938525 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2964237 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Integer Underflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987009 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Integer Underflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987011 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Improper Validation of Specified Quantity in Input + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987014 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3008946 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012393 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Incorrect Calculation of Buffer Size + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012398 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Release of Invalid Pointer or Reference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012399 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058771 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058775 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058778 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058779 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058787 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058792 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3244453 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319790 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319791 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319804 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319810 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319811 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319813 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319814 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319820 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319824 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319826 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3339158 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5425902 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5518072 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747608 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862860 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u5 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862861 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u5 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5934951 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u5 + +✗ Medium severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 1.34+dfsg-1+deb11u1 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3111119 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 247.3-7+deb11u2 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: CVE-2022-4415 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3177742 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 247.3-7+deb11u2 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2941242 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u4 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314592 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u4 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5788324 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1v-0~deb11u1 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5812634 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1v-0~deb11u1 + +✗ Medium severity vulnerability found in libxpm/libxpm4 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927156 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1+deb11u1 + +✗ Medium severity vulnerability found in libxpm/libxpm4 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927166 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1+deb11u1 + +✗ Medium severity vulnerability found in libx11/libx11-data + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927151 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u2 + +✗ Medium severity vulnerability found in libx11/libx11-data + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927154 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u2 + +✗ Medium severity vulnerability found in krb5/libk5crypto3 + Description: Access of Uninitialized Pointer + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-5825661 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u4 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-2419151 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u1 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6062102 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u4 + +✗ Medium severity vulnerability found in gnupg2/gpgv + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-2939851 + Introduced through: gnupg2/gpgv@2.2.27-2+deb11u1, apt@2.2.4 + From: gnupg2/gpgv@2.2.27-2+deb11u1 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 2.2.27-2+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Insufficient Verification of Data Authenticity + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1585148 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2804158 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2804167 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936232 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936233 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936235 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3179186 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u5 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320492 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320498 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u7 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366760 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366763 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366765 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561876 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u9 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: CVE-2023-46218 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100976 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u11 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Missing Encryption of Sensitive Data + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100978 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in tiff/libtiff5 + Description: Numeric Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3113871 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u3 + +✗ High severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747600 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 + From: tiff/libtiff5@4.2.0-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510 + Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 + From: systemd/libsystemd0@247.3-7 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in perl/perl-base + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 5.32.1-4+deb11u3 + +✗ High severity vulnerability found in openssl/libssl1.1 + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314584 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u4 + +✗ High severity vulnerability found in openssl/libssl1.1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314604 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u4 + +✗ High severity vulnerability found in openssl/libssl1.1 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314615 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u4 + +✗ High severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ High severity vulnerability found in nghttp2/libnghttp2-14 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384 + Introduced through: curl@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > nghttp2/libnghttp2-14@1.43.0-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.43.0-1+deb11u1 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-2767191 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 6.2+20201114-2+deb11u1 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 6.2+20201114-2+deb11u2 + +✗ High severity vulnerability found in libxpm/libxpm4 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232725 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1~deb11u1 + +✗ High severity vulnerability found in libxpm/libxpm4 + Description: Untrusted Search Path + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232730 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1~deb11u1 + +✗ High severity vulnerability found in libxpm/libxpm4 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232736 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1~deb11u1 + +✗ High severity vulnerability found in libx11/libx11-data + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5710893 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u1 + +✗ High severity vulnerability found in libx11/libx11-data + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927150 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u2 + +✗ High severity vulnerability found in libwebp/libwebp6 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5489177 + Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u3 + From: libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > libwebp/libwebp6@0.6.1-2.1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 0.6.1-2.1+deb11u1 + +✗ High severity vulnerability found in libwebp/libwebp6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094 + Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u3 + From: libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > libwebp/libwebp6@0.6.1-2.1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 0.6.1-2.1+deb11u2 + +✗ High severity vulnerability found in libtirpc/libtirpc3 + Description: Improper Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBTIRPC-2959390 + Introduced through: adduser@3.118, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libtirpc/libtirpc3@1.3.1-1 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > glibc/libc6-dev@2.31-13+deb11u3 > libnsl/libnsl-dev@1.3.0-2 > libtirpc/libtirpc-dev@1.3.1-1 > libtirpc/libtirpc3@1.3.1-1 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > glibc/libc6-dev@2.31-13+deb11u3 > libnsl/libnsl-dev@1.3.0-2 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.3.1-1+deb11u1 + +✗ High severity vulnerability found in libssh2/libssh2-1 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSSH2-5861756 + Introduced through: curl@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > libssh2/libssh2-1@1.9.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.9.0-2+deb11u1 + +✗ High severity vulnerability found in krb5/libk5crypto3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-3120880 + Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u3 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-2964220 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u2 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-3318299 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u3 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159417 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u5 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159419 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u5 + +✗ High severity vulnerability found in glibc/libc-bin + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340919 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u4 + +✗ High severity vulnerability found in glibc/libc-bin + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133 + Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 + From: glibc/libc6@2.31-13+deb11u3 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u7 + +✗ High severity vulnerability found in freetype/libfreetype6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2774654 + Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 + From: freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.10.4+dfsg-1+deb11u1 + +✗ High severity vulnerability found in freetype/libfreetype6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2774664 + Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 + From: freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.10.4+dfsg-1+deb11u1 + +✗ High severity vulnerability found in expat/libexpat1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-3023031 + Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 + From: expat/libexpat1@2.2.10-2+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.2.10-2+deb11u4 + +✗ High severity vulnerability found in expat/libexpat1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-3061093 + Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 + From: expat/libexpat1@2.2.10-2+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.2.10-2+deb11u5 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1585138 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ High severity vulnerability found in curl/libcurl4 + Description: CVE-2022-27775 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2804164 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Missing Authentication for Critical Function + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2805482 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2813769 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2813773 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3066040 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3179181 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in curl/libcurl4 + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366762 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366772 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-2976151 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 + From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 1:1.2.11.dfsg-2+deb11u2 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 + From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 + Image layer: Introduced by your base image (debian:11.2-slim) + +✗ Critical severity vulnerability found in pcre2/libpcre2-8-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-2808697 + Introduced through: pcre2/libpcre2-8-0@10.36-2 + From: pcre2/libpcre2-8-0@10.36-2 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 10.36-2+deb11u1 + +✗ Critical severity vulnerability found in pcre2/libpcre2-8-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-2808704 + Introduced through: pcre2/libpcre2-8-0@10.36-2 + From: pcre2/libpcre2-8-0@10.36-2 + Image layer: Introduced by your base image (debian:11.2-slim) + Fixed in: 10.36-2+deb11u1 + +✗ Critical severity vulnerability found in openssl/libssl1.1 + Description: OS Command Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2933518 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u3 + +✗ Critical severity vulnerability found in libtasn1-6 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBTASN16-3061097 + Introduced through: curl@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 > libtasn1-6@4.16.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.16.0-2+deb11u1 + +✗ Critical severity vulnerability found in freetype/libfreetype6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2774656 + Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 + From: freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 + From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.10.4+dfsg-1+deb11u1 + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1585150 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Incorrect Default Permissions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936229 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u2 + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Exposure of Resource to Wrong Sphere + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3065656 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u5 + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955037 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 + From: curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 + From: curl@7.74.0-1.3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u10 + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|fiware/orion +Docker image: fiware/orion:3.7.0 +Platform: linux/amd64 +Base image: debian:11.2-slim +Licenses: enabled + +Tested 146 dependencies for known issues, found 247 issues. + +Base Image Vulnerabilities Severity +debian:11.2-slim 120 11 critical, 20 high, 15 medium, 74 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +debian:bullseye-20240701-slim 69 1 critical, 1 high, 0 medium, 67 low + +Major upgrades +Base Image Vulnerabilities Severity +debian:bookworm-20240701-slim 33 1 critical, 0 high, 0 medium, 32 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` diff --git a/Snyk/scan_results/fiware_orion_latest.md b/Snyk/scan_results/fiware_orion_latest.md new file mode 100644 index 0000000..a1a628e --- /dev/null +++ b/Snyk/scan_results/fiware_orion_latest.md @@ -0,0 +1,882 @@ +**Scanning fiware/orion:latest** +``` + +Testing fiware/orion:latest... + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-UTILLINUX-2401083 + Introduced through: util-linux/libblkid1@2.38.1-5+deb12u1, e2fsprogs@1.47.0-2, util-linux/libmount1@2.38.1-5+deb12u1, util-linux@2.38.1-5+deb12u1, util-linux/mount@2.38.1-5+deb12u1, util-linux/libuuid1@2.38.1-5+deb12u1, util-linux/libsmartcols1@2.38.1-5+deb12u1, util-linux/util-linux-extra@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1 + From: util-linux/libblkid1@2.38.1-5+deb12u1 + From: e2fsprogs@1.47.0-2 > util-linux/libblkid1@2.38.1-5+deb12u1 + From: util-linux/libmount1@2.38.1-5+deb12u1 > util-linux/libblkid1@2.38.1-5+deb12u1 + and 17 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1560922 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561093 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561130 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561402 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561632 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Improper Resource Shutdown or Release + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-2440572 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5416364 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5673710 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5747599 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5749338 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5750144 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5767899 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5773187 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6079922 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6084514 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6190608 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tiff/libtiff6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6190785 + Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 + From: tiff/libtiff6@4.5.0-6+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TAR-1560620 + Introduced through: tar@1.34+dfsg-1.2+deb12u1, dash@0.5.12-2 + From: tar@1.34+dfsg-1.2+deb12u1 + From: dash@0.5.12-2 > dpkg@1.21.22 > tar@1.34+dfsg-1.2+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-1560739 + Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 + From: systemd/libsystemd0@252.22-1~deb12u1 + From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733385 + Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 + From: systemd/libsystemd0@252.22-1~deb12u1 + From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733390 + Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 + From: systemd/libsystemd0@252.22-1~deb12u1 + From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733398 + Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 + From: systemd/libsystemd0@252.22-1~deb12u1 + From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277509 + Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 + From: systemd/libsystemd0@252.22-1~deb12u1 + From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 252.23-1~deb12u1 + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559391 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559403 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5423923 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5879156 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-1556505 + Introduced through: perl/perl-base@5.36.0-7+deb12u1 + From: perl/perl-base@5.36.0-7+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184 + Introduced through: perl/perl-base@5.36.0-7+deb12u1 + From: perl/perl-base@5.36.0-7+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489190 + Introduced through: perl/perl-base@5.36.0-7+deb12u1 + From: perl/perl-base@5.36.0-7+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PAM-6178914 + Introduced through: pam/libpam0g@1.5.2-6+deb12u1, shadow/login@1:4.13+dfsg1-1+b1, util-linux@2.38.1-5+deb12u1, adduser@3.134, pam/libpam-modules-bin@1.5.2-6+deb12u1, pam/libpam-modules@1.5.2-6+deb12u1, pam/libpam-runtime@1.5.2-6+deb12u1 + From: pam/libpam0g@1.5.2-6+deb12u1 + From: shadow/login@1:4.13+dfsg1-1+b1 > pam/libpam0g@1.5.2-6+deb12u1 + From: util-linux@2.38.1-5+deb12u1 > pam/libpam0g@1.5.2-6+deb12u1 + and 11 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2023-6237 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6157243 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.0.13-1~deb12u1 + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6592092 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-4603 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6861561 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7151359 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7411350 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.5-0 + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555631 + Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 + From: openldap/libldap-common@2.5.13+dfsg-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.5-0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555724 + Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 + From: openldap/libldap-common@2.5.13+dfsg-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.5-0 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555918 + Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 + From: openldap/libldap-common@2.5.13+dfsg-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.5-0 + Description: Cryptographic Issues + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555941 + Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 + From: openldap/libldap-common@2.5.13+dfsg-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.5-0 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-5660620 + Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 + From: openldap/libldap-common@2.5.13+dfsg-5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in nghttp2/libnghttp2-14 + Description: CVE-2024-28182 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NGHTTP2-6541749 + Introduced through: curl@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > nghttp2/libnghttp2-14@1.52.0-1+deb12u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6123823 + Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b2, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 + From: ncurses/libtinfo6@6.4-4 + From: bash/bash@5.2.15-2+b2 > ncurses/libtinfo6@6.4-4 + From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6252773 + Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b2, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 + From: ncurses/libtinfo6@6.4-4 + From: bash/bash@5.2.15-2+b2 > ncurses/libtinfo6@6.4-4 + From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libpng1.6/libpng16-16 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBPNG16-2363910 + Introduced through: libpng1.6/libpng16-16@1.6.39-2, glibc/libc-devtools@2.36-9+deb12u7 + From: libpng1.6/libpng16-16@1.6.39-2 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libpng1.6/libpng16-16@1.6.39-2 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > freetype/libfreetype6@2.12.1+dfsg-5 > libpng1.6/libpng16-16@1.6.39-2 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libheif/libheif1 + Description: Divide By Zero + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-5498469 + Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: libheif/libheif1@1.15.1-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libheif/libheif1 + Description: CVE-2023-49462 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105360 + Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: libheif/libheif1@1.15.1-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libheif/libheif1 + Description: CVE-2023-49460 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105367 + Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: libheif/libheif1@1.15.1-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libheif/libheif1 + Description: CVE-2023-49464 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105368 + Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: libheif/libheif1@1.15.1-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libheif/libheif1 + Description: CVE-2023-49463 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105378 + Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: libheif/libheif1@1.15.1-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libheif/libheif1 + Description: CVE-2024-25269 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6371532 + Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: libheif/libheif1@1.15.1-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-1550206 + Introduced through: libgcrypt20/libgcrypt20-dev@1.10.1-3, apt@2.6.1 + From: libgcrypt20/libgcrypt20-dev@1.10.1-3 > libgcrypt20@1.10.1-3 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 + From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-6405981 + Introduced through: libgcrypt20/libgcrypt20-dev@1.10.1-3, apt@2.6.1 + From: libgcrypt20/libgcrypt20-dev@1.10.1-3 > libgcrypt20@1.10.1-3 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 + From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libde265/libde265-0 + Description: CVE-2023-51792 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBDE265-6672145 + Introduced through: libde265/libde265-0@1.0.11-1+deb12u2, glibc/libc-devtools@2.36-9+deb12u7 + From: libde265/libde265-0@1.0.11-1+deb12u2 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > libde265/libde265-0@1.0.11-1+deb12u2 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libde265/libde265-0 + Description: CVE-2024-38949 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBDE265-7411271 + Introduced through: libde265/libde265-0@1.0.11-1+deb12u2, glibc/libc-devtools@2.36-9+deb12u7 + From: libde265/libde265-0@1.0.11-1+deb12u2 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > libde265/libde265-0@1.0.11-1+deb12u2 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in libde265/libde265-0 + Description: CVE-2024-38950 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBDE265-7411272 + Introduced through: libde265/libde265-0@1.0.11-1+deb12u2, glibc/libc-devtools@2.36-9+deb12u7 + From: libde265/libde265-0@1.0.11-1+deb12u2 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > libde265/libde265-0@1.0.11-1+deb12u2 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in krb5/libkrb5support0 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-1549480 + Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + and 6 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libkrb5support0 + Description: CVE-2024-26461 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-6277411 + Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + and 6 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libkrb5support0 + Description: CVE-2024-26458 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-6277412 + Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + and 6 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libkrb5support0 + Description: CVE-2024-26462 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-6277421 + Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + and 6 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libkrb5support0 + Description: CVE-2024-37370 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411314 + Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + and 6 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.20.1-2+deb12u2 + +✗ Low severity vulnerability found in krb5/libkrb5support0 + Description: CVE-2024-37371 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411315 + Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 + and 6 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.20.1-2+deb12u2 + +✗ Low severity vulnerability found in jbigkit/libjbig0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-JBIGKIT-1549085 + Introduced through: jbigkit/libjbig0@2.1-6.1, glibc/libc-devtools@2.36-9+deb12u7 + From: jbigkit/libjbig0@2.1-6.1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 > jbigkit/libjbig0@2.1-6.1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-1547121 + Introduced through: apt@2.6.1, curl@7.88.1-10+deb12u5 + From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Uncaught Exception + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-6474581 + Introduced through: apt@2.6.1, curl@7.88.1-10+deb12u5 + From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.9-2+deb12u3 + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-6474586 + Introduced through: apt@2.6.1, curl@7.88.1-10+deb12u5 + From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 > gnutls28/libgnutls30@3.7.9-2+deb12u2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.9-2+deb12u3 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUPG2-3330747 + Introduced through: gnupg2/gpgv@2.2.40-1.1, apt@2.6.1 + From: gnupg2/gpgv@2.2.40-1.1 + From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1546991 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547039 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547069 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547135 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547293 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547373 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc-devtools@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + and 2 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in gcc-12/libstdc++6 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-2606941 + Introduced through: abseil/libabsl20220623@20220623.1-1, apt@2.6.1, boost1.74/libboost-thread1.74.0@1.74.0+ds1-21, icu/libicu72@72.1-3, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 + From: abseil/libabsl20220623@20220623.1-1 > gcc-12/libstdc++6@12.2.0-14 + From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 + From: boost1.74/libboost-thread1.74.0@1.74.0+ds1-21 > gcc-12/libstdc++6@12.2.0-14 + and 10 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in gcc-12/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-5901316 + Introduced through: abseil/libabsl20220623@20220623.1-1, apt@2.6.1, boost1.74/libboost-thread1.74.0@1.74.0+ds1-21, icu/libicu72@72.1-3, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 + From: abseil/libabsl20220623@20220623.1-1 > gcc-12/libstdc++6@12.2.0-14 + From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 + From: boost1.74/libboost-thread1.74.0@1.74.0+ds1-21 > gcc-12/libstdc++6@12.2.0-14 + and 10 more... + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227597 + Introduced through: expat/libexpat1@2.5.0-1, glibc/libc-devtools@2.36-9+deb12u7 + From: expat/libexpat1@2.5.0-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > expat/libexpat1@2.5.0-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227603 + Introduced through: expat/libexpat1@2.5.0-1, glibc/libc-devtools@2.36-9+deb12u7 + From: expat/libexpat1@2.5.0-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > expat/libexpat1@2.5.0-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in expat/libexpat1 + Description: CVE-2024-28757 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6420595 + Introduced through: expat/libexpat1@2.5.0-1, glibc/libc-devtools@2.36-9+deb12u7 + From: expat/libexpat1@2.5.0-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > expat/libexpat1@2.5.0-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in dav1d/libdav1d6 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-DAV1D-5518047 + Introduced through: dav1d/libdav1d6@1.0.0-2+deb12u1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: dav1d/libdav1d6@1.0.0-2+deb12u1 + From: libavif/libavif15@0.11.1-1 > dav1d/libdav1d6@1.0.0-2+deb12u1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > dav1d/libdav1d6@1.0.0-2+deb12u1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2379 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-CURL-6501697 + Introduced through: curl@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2398 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-CURL-6501702 + Introduced through: curl@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.88.1-10+deb12u6 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2004 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-CURL-6501703 + Introduced through: curl@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 + From: curl@7.88.1-10+deb12u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.88.1-10+deb12u6 + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543939 + Introduced through: coreutils@9.1-1 + From: coreutils@9.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543947 + Introduced through: coreutils@9.1-1 + From: coreutils@9.1-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in apt/libapt-pkg6.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-APT-1541449 + Introduced through: apt/libapt-pkg6.0@2.6.1, apt@2.6.1 + From: apt/libapt-pkg6.0@2.6.1 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 + From: apt@2.6.1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in aom/libaom3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-AOM-5878995 + Introduced through: aom/libaom3@3.6.0-1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: aom/libaom3@3.6.0-1 + From: libavif/libavif15@0.11.1-1 > aom/libaom3@3.6.0-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > aom/libaom3@3.6.0-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in aom/libaom3 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-AOM-6140324 + Introduced through: aom/libaom3@3.6.0-1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: aom/libaom3@3.6.0-1 + From: libavif/libavif15@0.11.1-1 > aom/libaom3@3.6.0-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > aom/libaom3@3.6.0-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Low severity vulnerability found in aom/libaom3 + Description: CVE-2024-5171 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-AOM-7197979 + Introduced through: aom/libaom3@3.6.0-1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 + From: aom/libaom3@3.6.0-1 + From: libavif/libavif15@0.11.1-1 > aom/libaom3@3.6.0-1 + From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > aom/libaom3@3.6.0-1 + Image layer: Introduced by your base image (debian:12.4-slim) + +✗ Medium severity vulnerability found in openssl/libssl3 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6048820 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.0.13-1~deb12u1 + +✗ Medium severity vulnerability found in openssl/libssl3 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6148845 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.0.13-1~deb12u1 + +✗ Medium severity vulnerability found in openssl/libssl3 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6190223 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 + From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 + From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 + From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 + and 4 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.0.13-1~deb12u1 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507 + Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 + From: systemd/libsystemd0@252.22-1~deb12u1 + From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 252.23-1~deb12u1 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963 + Introduced through: curl@7.88.1-10+deb12u5, util-linux@2.38.1-5+deb12u1, apt@2.6.1, dash@0.5.12-2, glibc/libc-devtools@2.36-9+deb12u7 + From: curl@7.88.1-10+deb12u5 > zlib/zlib1g@1:1.2.13.dfsg-1 + From: util-linux@2.38.1-5+deb12u1 > zlib/zlib1g@1:1.2.13.dfsg-1 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > zlib/zlib1g@1:1.2.13.dfsg-1 + and 9 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|fiware/orion +Docker image: fiware/orion:latest +Platform: linux/amd64 +Base image: debian:12.4-slim +Licenses: enabled + +Tested 159 dependencies for known issues, found 95 issues. + +Base Image Vulnerabilities Severity +debian:12.4-slim 48 1 critical, 3 high, 2 medium, 42 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +debian:bookworm-20240701-slim 33 1 critical, 0 high, 0 medium, 32 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` diff --git a/Snyk/scan_results/grafana_grafana_9.3.0.md b/Snyk/scan_results/grafana_grafana_9.3.0.md new file mode 100644 index 0000000..666beeb --- /dev/null +++ b/Snyk/scan_results/grafana_grafana_9.3.0.md @@ -0,0 +1,440 @@ +**Scanning grafana/grafana:9.3.0** +``` + +Testing grafana/grafana:9.3.0... + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314628 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1t-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5291790 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1t-r2 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5661569 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1u-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5788364 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1u-r2 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5821139 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1v-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-6070608 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1w-r1 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314621 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1t-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Access of Resource Using Incompatible Type ('Type Confusion') + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314622 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1t-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314629 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1t-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3368753 + Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 + From: openssl/libcrypto1.1@1.1.1q-r0 + From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 + From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 + and 5 more... + Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' + Fixed in: 1.1.1t-r2 + +✗ High severity vulnerability found in ncurses/ncurses-terminfo-base + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE315-NCURSES-5606598 + Introduced through: ncurses/ncurses-terminfo-base@6.3_p20211120-r1, ncurses/ncurses-libs@6.3_p20211120-r1, readline/readline@8.1.1-r0 + From: ncurses/ncurses-terminfo-base@6.3_p20211120-r1 + From: ncurses/ncurses-libs@6.3_p20211120-r1 > ncurses/ncurses-terminfo-base@6.3_p20211120-r1 + From: ncurses/ncurses-libs@6.3_p20211120-r1 + and 1 more... + Image layer: Introduced by your base image (grafana/grafana:9.3.0) + Fixed in: 6.3_p20211120-r2 + + + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|grafana/grafana +Docker image: grafana/grafana:9.3.0 +Platform: linux/amd64 +Base image: grafana/grafana:9.3.0 +Licenses: enabled + +Tested 24 dependencies for known issues, found 11 issues. + +Base Image Vulnerabilities Severity +grafana/grafana:9.3.0 11 0 critical, 5 high, 6 medium, 0 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +grafana/grafana:9.5.20 8 0 critical, 0 high, 4 medium, 4 low + +Major upgrades +Base Image Vulnerabilities Severity +grafana/grafana:11.0.1 8 0 critical, 0 high, 4 medium, 4 low + +Alpine 3.15.6 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates. + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing grafana/grafana:9.3.0... + +✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json + Description: Infinite loop + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 + Introduced through: google.golang.org/protobuf/internal/encoding/json@v1.28.1 + From: google.golang.org/protobuf/internal/encoding/json@v1.28.1 + Fixed in: 1.33.0 + +✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 + Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 + From: google.golang.org/protobuf/encoding/protojson@v1.28.1 + Fixed in: 1.32.0 + +✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson + Description: Infinite loop + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 + Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 + From: google.golang.org/protobuf/encoding/protojson@v1.28.1 + Fixed in: 1.33.0 + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.4.0 + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/crypto/ssh + Description: Authentication Bypass by Capture-replay + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 + Introduced through: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d + From: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in github.com/prometheus/exporter-toolkit/web + Description: Incorrect Implementation of Authentication Algorithm + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSEXPORTERTOOLKITWEB-3150818 + Introduced through: github.com/prometheus/exporter-toolkit/web@v0.7.1 + From: github.com/prometheus/exporter-toolkit/web@v0.7.1 + Fixed in: 0.7.2, 0.8.2 + +✗ Medium severity vulnerability found in github.com/go-git/go-git/v5/plumbing + Description: Uncontrolled Resource Consumption ('Resource Exhaustion') + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-6140319 + Introduced through: github.com/go-git/go-git/v5/plumbing@v5.4.2 + From: github.com/go-git/go-git/v5/plumbing@v5.4.2 + Fixed in: 5.11.0 + +✗ High severity vulnerability found in google.golang.org/grpc + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 + Introduced through: google.golang.org/grpc@v1.45.0 + From: google.golang.org/grpc@v1.45.0 + Fixed in: 1.56.3, 1.57.1, 1.58.3 + +✗ High severity vulnerability found in golang.org/x/net/http2/hpack + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2HPACK-3358253 + Introduced through: golang.org/x/net/http2/hpack@v0.1.0 + From: golang.org/x/net/http2/hpack@v0.1.0 + Fixed in: 0.7.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.7.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.23.0 + +✗ High severity vulnerability found in github.com/mattn/go-sqlite3 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMATTNGOSQLITE3-6139875 + Introduced through: github.com/mattn/go-sqlite3@v1.14.16 + From: github.com/mattn/go-sqlite3@v1.14.16 + Fixed in: 1.14.18 + +✗ High severity vulnerability found in github.com/elazarl/goproxy + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247 + Introduced through: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac + From: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac + +✗ Critical severity vulnerability found in github.com/go-git/go-git/v5 + Description: Path Traversal + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5-6150754 + Introduced through: github.com/go-git/go-git/v5@v5.4.2 + From: github.com/go-git/go-git/v5@v5.4.2 + Fixed in: 5.11.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/share/grafana/bin/grafana-cli +Project name: github.com/grafana/grafana +Docker image: grafana/grafana:9.3.0 +Licenses: enabled + +Tested 747 dependencies for known issues, found 16 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test grafana/grafana:9.3.0 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing grafana/grafana:9.3.0... + +✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json + Description: Infinite loop + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 + Introduced through: google.golang.org/protobuf/internal/encoding/json@v1.28.1 + From: google.golang.org/protobuf/internal/encoding/json@v1.28.1 + Fixed in: 1.33.0 + +✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 + Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 + From: google.golang.org/protobuf/encoding/protojson@v1.28.1 + Fixed in: 1.32.0 + +✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson + Description: Infinite loop + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 + Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 + From: google.golang.org/protobuf/encoding/protojson@v1.28.1 + Fixed in: 1.33.0 + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.4.0 + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/crypto/ssh + Description: Authentication Bypass by Capture-replay + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 + Introduced through: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d + From: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/crypto/openpgp/clearsign + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOOPENPGPCLEARSIGN-5813980 + Introduced through: golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220622213112-05595931fe9d + From: golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220622213112-05595931fe9d + Fixed in: 0.1.0 + +✗ Medium severity vulnerability found in github.com/ua-parser/uap-go/uaparser + Description: Regular Expression Denial of Service (ReDoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUAPARSERUAPGOUAPARSER-1298048 + Introduced through: github.com/ua-parser/uap-go/uaparser@v0.0.0-20211112212520-00c877edfe0f + From: github.com/ua-parser/uap-go/uaparser@v0.0.0-20211112212520-00c877edfe0f + +✗ Medium severity vulnerability found in github.com/prometheus/exporter-toolkit/web + Description: Incorrect Implementation of Authentication Algorithm + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSEXPORTERTOOLKITWEB-3150818 + Introduced through: github.com/prometheus/exporter-toolkit/web@v0.7.1 + From: github.com/prometheus/exporter-toolkit/web@v0.7.1 + Fixed in: 0.7.2, 0.8.2 + +✗ Medium severity vulnerability found in github.com/go-git/go-git/v5/plumbing + Description: Uncontrolled Resource Consumption ('Resource Exhaustion') + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-6140319 + Introduced through: github.com/go-git/go-git/v5/plumbing@v5.4.2 + From: github.com/go-git/go-git/v5/plumbing@v5.4.2 + Fixed in: 5.11.0 + +✗ High severity vulnerability found in google.golang.org/grpc + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 + Introduced through: google.golang.org/grpc@v1.45.0 + From: google.golang.org/grpc@v1.45.0 + Fixed in: 1.56.3, 1.57.1, 1.58.3 + +✗ High severity vulnerability found in golang.org/x/net/http2/hpack + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2HPACK-3358253 + Introduced through: golang.org/x/net/http2/hpack@v0.1.0 + From: golang.org/x/net/http2/hpack@v0.1.0 + Fixed in: 0.7.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.7.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 + Introduced through: golang.org/x/net/http2@v0.1.0 + From: golang.org/x/net/http2@v0.1.0 + Fixed in: 0.23.0 + +✗ High severity vulnerability found in github.com/mattn/go-sqlite3 + Description: Heap-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMATTNGOSQLITE3-6139875 + Introduced through: github.com/mattn/go-sqlite3@v1.14.16 + From: github.com/mattn/go-sqlite3@v1.14.16 + Fixed in: 1.14.18 + +✗ High severity vulnerability found in github.com/elazarl/goproxy + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247 + Introduced through: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac + From: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac + +✗ Critical severity vulnerability found in github.com/go-git/go-git/v5 + Description: Path Traversal + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5-6150754 + Introduced through: github.com/go-git/go-git/v5@v5.4.2 + From: github.com/go-git/go-git/v5@v5.4.2 + Fixed in: 5.11.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/share/grafana/bin/grafana-server +Project name: github.com/grafana/grafana +Docker image: grafana/grafana:9.3.0 +Licenses: enabled + +Tested 910 dependencies for known issues, found 18 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test grafana/grafana:9.3.0 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 3 projects, 3 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/mongo-express_1.0.2-20.md b/Snyk/scan_results/mongo-express_1.0.2-20.md new file mode 100644 index 0000000..40f6cf5 --- /dev/null +++ b/Snyk/scan_results/mongo-express_1.0.2-20.md @@ -0,0 +1,237 @@ +**Scanning mongo-express:1.0.2-20** +``` + +Testing mongo-express:1.0.2-20... + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964 + Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 + From: openssl/libcrypto3@3.1.4-r5 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 + From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 + and 4 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 3.1.4-r6 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-4603 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6928857 + Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 + From: openssl/libcrypto3@3.1.4-r5 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 + From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 + and 4 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 3.1.5-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525 + Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 + From: openssl/libcrypto3@3.1.4-r5 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 + From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 + and 4 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 3.1.6-r0 + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536 + Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 + From: openssl/libcrypto3@3.1.4-r5 + From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 + From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 + and 4 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 3.1.6-r0 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-6913411 + Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 + From: busybox/busybox@1.36.1-r5 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 + From: busybox/busybox-binsh@1.36.1-r5 + and 3 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 1.36.1-r6 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249236 + Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 + From: busybox/busybox@1.36.1-r5 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 + From: busybox/busybox-binsh@1.36.1-r5 + and 3 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 1.36.1-r7 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249265 + Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 + From: busybox/busybox@1.36.1-r5 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 + From: busybox/busybox-binsh@1.36.1-r5 + and 3 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 1.36.1-r7 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249419 + Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 + From: busybox/busybox@1.36.1-r5 + From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 + From: busybox/busybox-binsh@1.36.1-r5 + and 3 more... + Image layer: 'apk add --no-cache bash tini' + Fixed in: 1.36.1-r7 + +------------ Detected 5 vulnerabilities for node@20.13.1 ------------ + + +✗ Low severity vulnerability found in node + Description: Authorization Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430907 + Introduced through: node@20.13.1 + From: node@20.13.1 + Image layer: Introduced by your base image (alpine:3.18.6) + Fixed in: 20.15.1, 22.4.1 + +✗ Low severity vulnerability found in node + Description: Authorization Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430909 + Introduced through: node@20.13.1 + From: node@20.13.1 + Image layer: Introduced by your base image (alpine:3.18.6) + Fixed in: 20.15.1, 22.4.1 + +✗ Low severity vulnerability found in node + Description: Improper Handling of Values + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430912 + Introduced through: node@20.13.1 + From: node@20.13.1 + Image layer: Introduced by your base image (alpine:3.18.6) + Fixed in: 20.15.1, 22.4.1 + +✗ Medium severity vulnerability found in node + Description: Improper Control of Generation of Code ('Code Injection') + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430900 + Introduced through: node@20.13.1 + From: node@20.13.1 + Image layer: Introduced by your base image (alpine:3.18.6) + Fixed in: 20.15.1 + +✗ Medium severity vulnerability found in node + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430905 + Introduced through: node@20.13.1 + From: node@20.13.1 + Image layer: Introduced by your base image (alpine:3.18.6) + Fixed in: 20.15.1 + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|mongo-express +Docker image: mongo-express:1.0.2-20 +Platform: linux/amd64 +Base image: alpine:3.18.6 +Licenses: enabled + +Tested 22 dependencies for known issues, found 13 issues. + +Base Image Vulnerabilities Severity +alpine:3.18.6 8 0 critical, 0 high, 4 medium, 4 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +alpine:3 1 0 critical, 0 high, 0 medium, 1 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing mongo-express:1.0.2-20... + +Tested 391 dependencies for known issues, found 14 issues. + + +Issues to fix by upgrading: + + Upgrade express@4.18.2 to express@4.19.2 to fix + ✗ Open Redirect [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-EXPRESS-6474509] in express@4.18.2 + introduced by express@4.18.2 + + Upgrade mongodb@4.13.0 to mongodb@4.17.0 to fix + ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-MONGODB-5871303] in mongodb@4.13.0 + introduced by mongodb@4.13.0 + + Upgrade mongodb-query-parser@2.4.6 to mongodb-query-parser@2.4.7 to fix + ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-ASYNC-7414156] in async@3.2.4 + introduced by mongodb-query-parser@2.4.6 > mongodb-extended-json@1.11.0 > async@3.2.4 + + +Issues with no direct upgrade or patch: + ✗ Incomplete List of Disallowed Inputs [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462] in @babel/traverse@7.19.6 + introduced by nyc@15.1.0 > istanbul-lib-instrument@4.0.3 > @babel/core@7.19.6 > @babel/traverse@7.19.6 and 2 other path(s) + This issue was fixed in versions: 7.23.2, 8.0.0-alpha.4 + ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 + introduced by cli-color@2.0.3 > es5-ext@0.10.62 and 91 other path(s) + This issue was fixed in versions: 0.10.63 + ✗ Arbitrary File Upload [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-2635697] in express-fileupload@1.4.0 + introduced by express-fileupload@1.4.0 + No upgrade or patch available + ✗ Arbitrary File Upload [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-2635946] in express-fileupload@1.4.0 + introduced by express-fileupload@1.4.0 + No upgrade or patch available + ✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-3325616] in fast-xml-parser@4.0.11 + introduced by mongodb@4.13.0 > @aws-sdk/credential-providers@3.204.0 > @aws-sdk/client-sts@3.204.0 > fast-xml-parser@4.0.11 and 2 other path(s) + This issue was fixed in versions: 4.1.2 + ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858] in fast-xml-parser@4.0.11 + introduced by mongodb@4.13.0 > @aws-sdk/credential-providers@3.204.0 > @aws-sdk/client-sts@3.204.0 > fast-xml-parser@4.0.11 and 2 other path(s) + This issue was fixed in versions: 4.2.4 + ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 + introduced by nyc@15.1.0 > glob@7.2.3 > inflight@1.0.6 and 4 other path(s) + No upgrade or patch available + ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 + introduced by mongodb@4.13.0 > socks@2.7.1 > ip@2.0.0 + This issue was fixed in versions: 1.1.9, 2.0.1 + ✗ Server-Side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-IP-7148531] in ip@2.0.0 + introduced by mongodb@4.13.0 > socks@2.7.1 > ip@2.0.0 + No upgrade or patch available + ✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856] in json5@2.2.1 + introduced by nyc@15.1.0 > istanbul-lib-instrument@4.0.3 > @babel/core@7.19.6 > json5@2.2.1 + This issue was fixed in versions: 1.0.2, 2.2.2 + ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@6.3.0 + introduced by nyc@15.1.0 > make-dir@3.1.0 > semver@6.3.0 and 8 other path(s) + This issue was fixed in versions: 5.7.2, 6.3.1, 7.5.2 + + + +Organization: bhavdeep1304 +Package manager: yarn +Target file: /app/package.json +Project name: mongo-express +Docker image: mongo-express:1.0.2-20 +Licenses: enabled + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test mongo-express:1.0.2-20 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 2 projects, 2 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/mongo_4.4.md b/Snyk/scan_results/mongo_4.4.md new file mode 100644 index 0000000..09fb69a --- /dev/null +++ b/Snyk/scan_results/mongo_4.4.md @@ -0,0 +1,229 @@ +**Scanning mongo:4.4** +``` + +Testing mongo:4.4... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-26604 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-3339226 + Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, systemd/libudev1@245.4-4ubuntu3.23 + From: systemd/libsystemd0@245.4-4ubuntu3.23 + From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 + From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 + and 6 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-6137854 + Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, systemd/libudev1@245.4-4ubuntu3.23 + From: systemd/libsystemd0@245.4-4ubuntu3.23 + From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 + From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 + and 6 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-5425687 + Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.5, util-linux/mount@2.34-0.1ubuntu9.6 + From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 + From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 + From: shadow/login@1:4.8.1-1ubuntu5.20.04.5 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-577863 + Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.5, util-linux/mount@2.34-0.1ubuntu9.6 + From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 + From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 + From: shadow/login@1:4.8.1-1ubuntu5.20.04.5 + and 1 more... + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE3-580031 + Introduced through: pcre3/libpcre3@2:8.39-12ubuntu0.1, grep@3.4-1 + From: pcre3/libpcre3@2:8.39-12ubuntu0.1 + From: grep@3.4-1 > pcre3/libpcre3@2:8.39-12ubuntu0.1 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-6592107 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@4.4.29 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 + From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.22 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-mongos@4.4.29 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 + and 6 more... + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-7151336 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@4.4.29 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 + From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.22 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-mongos@4.4.29 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 + and 6 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6123866 + Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 + From: ncurses/libtinfo6@6.2-0ubuntu2.1 + From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 + From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 + and 12 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6253014 + Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 + From: ncurses/libtinfo6@6.2-0ubuntu2.1 + From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 + From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 + and 12 more... + +✗ Low severity vulnerability found in krb5/krb5-locales + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-579303 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + and 10 more... + +✗ Low severity vulnerability found in krb5/krb5-locales + Description: CVE-2024-26461 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281066 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + and 10 more... + +✗ Low severity vulnerability found in krb5/krb5-locales + Description: CVE-2024-26458 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281078 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + and 10 more... + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUPG2-3035407 + Introduced through: gnupg2/gpgv@2.2.19-3ubuntu2.2, apt@2.0.10 + From: gnupg2/gpgv@2.2.19-3ubuntu2.2 + From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-1297554 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 + From: glibc/libc-bin@2.31-0ubuntu9.15 + From: glibc/libc6@2.31-0ubuntu9.15 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-2415100 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 + From: glibc/libc-bin@2.31-0ubuntu9.15 + From: glibc/libc6@2.31-0ubuntu9.15 + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-COREUTILS-583876 + Introduced through: coreutils@8.30-3ubuntu2 + From: coreutils@8.30-3ubuntu2 + +✗ Medium severity vulnerability found in xz-utils/liblzma5 + Description: CVE-2020-22916 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-XZUTILS-5854646 + Introduced through: xz-utils/liblzma5@5.2.4-1ubuntu1.1 + From: xz-utils/liblzma5@5.2.4-1ubuntu1.1 + +✗ Medium severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-LIBGCRYPT20-6411449 + Introduced through: libgcrypt20@1.8.5-5ubuntu1.1, apt@2.0.10 + From: libgcrypt20@1.8.5-5ubuntu1.1 + From: apt@2.0.10 > apt/libapt-pkg6.0@2.0.10 > libgcrypt20@1.8.5-5ubuntu1.1 + From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 > libgcrypt20@1.8.5-5ubuntu1.1 + and 1 more... + +✗ Medium severity vulnerability found in krb5/krb5-locales + Description: CVE-2024-26462 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281072 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 + and 10 more... + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674185 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 + From: glibc/libc-bin@2.31-0ubuntu9.15 + From: glibc/libc6@2.31-0ubuntu9.15 + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674200 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 + From: glibc/libc-bin@2.31-0ubuntu9.15 + From: glibc/libc6@2.31-0ubuntu9.15 + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674209 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 + From: glibc/libc-bin@2.31-0ubuntu9.15 + From: glibc/libc6@2.31-0ubuntu9.15 + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674218 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 + From: glibc/libc-bin@2.31-0ubuntu9.15 + From: glibc/libc6@2.31-0ubuntu9.15 + Fixed in: 2.31-0ubuntu9.16 + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|mongo +Docker image: mongo:4.4 +Platform: linux/amd64 +Licenses: enabled + +Tested 136 dependencies for known issues, found 23 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test mongo:4.4 --file=path/to/Dockerfile + +To remove this message in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing mongo:4.4... + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/local/bin/gosu +Project name: github.com/tianon/gosu +Docker image: mongo:4.4 +Licenses: enabled + +✔ Tested 2 dependencies for known issues, no vulnerable paths found. + + +Tested 2 projects, 1 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/mongo_5.0.24.md b/Snyk/scan_results/mongo_5.0.24.md new file mode 100644 index 0000000..8cfcf32 --- /dev/null +++ b/Snyk/scan_results/mongo_5.0.24.md @@ -0,0 +1,327 @@ +**Scanning mongo:5.0.24** +``` + +Testing mongo:5.0.24... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-26604 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-3339226 + Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, systemd/libudev1@245.4-4ubuntu3.23 + From: systemd/libsystemd0@245.4-4ubuntu3.23 + From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 + From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 + and 6 more... + Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-6137854 + Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, systemd/libudev1@245.4-4ubuntu3.23 + From: systemd/libsystemd0@245.4-4ubuntu3.23 + From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 + From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 + and 6 more... + Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-5425687 + Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.4, util-linux/mount@2.34-0.1ubuntu9.4 + From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 + From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 + From: shadow/login@1:4.8.1-1ubuntu5.20.04.4 + and 1 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-577863 + Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.4, util-linux/mount@2.34-0.1ubuntu9.4 + From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 + From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 + From: shadow/login@1:4.8.1-1ubuntu5.20.04.4 + and 1 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-5879186 + Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.4, util-linux/mount@2.34-0.1ubuntu9.4 + From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 + From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 + From: shadow/login@1:4.8.1-1ubuntu5.20.04.4 + and 1 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 1:4.8.1-1ubuntu5.20.04.5 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE3-580031 + Introduced through: pcre3/libpcre3@2:8.39-12ubuntu0.1, grep@3.4-1 + From: pcre3/libpcre3@2:8.39-12ubuntu0.1 + From: grep@3.4-1 > pcre3/libpcre3@2:8.39-12ubuntu0.1 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-6592107 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@5.0.24 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 + From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.21 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-mongos@5.0.24 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 + and 6 more... + Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-7151336 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@5.0.24 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 + From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.21 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-mongos@5.0.24 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 + and 6 more... + Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6123866 + Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 + From: ncurses/libtinfo6@6.2-0ubuntu2.1 + From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 + From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 + and 12 more... + Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6253014 + Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 + From: ncurses/libtinfo6@6.2-0ubuntu2.1 + From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 + From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 + and 12 more... + Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' + +✗ Low severity vulnerability found in krb5/krb5-locales + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-579303 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 + and 7 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in krb5/krb5-locales + Description: CVE-2024-26461 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281066 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 + and 7 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in krb5/krb5-locales + Description: CVE-2024-26458 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281078 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 + and 7 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUPG2-3035407 + Introduced through: gnupg2/gpgv@2.2.19-3ubuntu2.2, apt@2.0.10 + From: gnupg2/gpgv@2.2.19-3ubuntu2.2 + From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-1297554 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-2415100 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-COREUTILS-583876 + Introduced through: coreutils@8.30-3ubuntu2 + From: coreutils@8.30-3ubuntu2 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Medium severity vulnerability found in xz-utils/liblzma5 + Description: CVE-2020-22916 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-XZUTILS-5854646 + Introduced through: xz-utils/liblzma5@5.2.4-1ubuntu1.1 + From: xz-utils/liblzma5@5.2.4-1ubuntu1.1 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Medium severity vulnerability found in util-linux/libblkid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-UTILLINUX-6508371 + Introduced through: util-linux/libblkid1@2.34-0.1ubuntu9.4, e2fsprogs@1.45.5-2ubuntu1.1, util-linux/mount@2.34-0.1ubuntu9.4, util-linux/fdisk@2.34-0.1ubuntu9.4, util-linux/libuuid1@2.34-0.1ubuntu9.4, util-linux@2.34-0.1ubuntu9.4, sysvinit/sysvinit-utils@2.96-2.1ubuntu1, util-linux/bsdutils@1:2.34-0.1ubuntu9.4, util-linux/libfdisk1@2.34-0.1ubuntu9.4, util-linux/libmount1@2.34-0.1ubuntu9.4, util-linux/libsmartcols1@2.34-0.1ubuntu9.4 + From: util-linux/libblkid1@2.34-0.1ubuntu9.4 + From: e2fsprogs@1.45.5-2ubuntu1.1 > util-linux/libblkid1@2.34-0.1ubuntu9.4 + From: util-linux/mount@2.34-0.1ubuntu9.4 > util-linux/libblkid1@2.34-0.1ubuntu9.4 + and 23 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 2.34-0.1ubuntu9.5 + +✗ Medium severity vulnerability found in nghttp2/libnghttp2-14 + Description: CVE-2024-28182 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NGHTTP2-6553931 + Introduced through: mongodb-org@5.0.24 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-shell@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 > nghttp2/libnghttp2-14@1.40.0-1ubuntu0.2 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 1.40.0-1ubuntu0.3 + +✗ Medium severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-LIBGCRYPT20-6411449 + Introduced through: libgcrypt20@1.8.5-5ubuntu1.1, apt@2.0.10 + From: libgcrypt20@1.8.5-5ubuntu1.1 + From: apt@2.0.10 > apt/libapt-pkg6.0@2.0.10 > libgcrypt20@1.8.5-5ubuntu1.1 + From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 > libgcrypt20@1.8.5-5ubuntu1.1 + and 1 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Medium severity vulnerability found in krb5/krb5-locales + Description: CVE-2024-26462 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281072 + Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 + From: krb5/krb5-locales@1.17-6ubuntu4.4 + From: krb5/libkrb5support0@1.17-6ubuntu4.4 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 + and 7 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUTLS28-6481604 + Introduced through: gnutls28/libgnutls30@3.6.13-2ubuntu1.10, apt@2.0.10, mongodb-org@5.0.24 + From: gnutls28/libgnutls30@3.6.13-2ubuntu1.10 + From: apt@2.0.10 > gnutls28/libgnutls30@3.6.13-2ubuntu1.10 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-shell@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.10 > gnutls28/libgnutls30@3.6.13-2ubuntu1.10 + and 1 more... + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 3.6.13-2ubuntu1.11 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6663150 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 2.31-0ubuntu9.15 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674185 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674200 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674209 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674218 + Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 + From: glibc/libc-bin@2.31-0ubuntu9.14 + From: glibc/libc6@2.31-0ubuntu9.14 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 2.31-0ubuntu9.16 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2398 + Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-CURL-6507270 + Introduced through: mongodb-org@5.0.24 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-mongos@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-server@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 + From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-shell@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 + Image layer: Introduced by your base image (mongo:5.0.24-focal) + Fixed in: 7.68.0-1ubuntu2.22 + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|mongo +Docker image: mongo:5.0.24 +Platform: linux/amd64 +Base image: mongo:5.0.24-focal +Licenses: enabled + +Tested 138 dependencies for known issues, found 29 issues. + +Base Image Vulnerabilities Severity +mongo:5.0.24-focal 29 0 critical, 0 high, 12 medium, 17 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +mongo:5.0.26-focal 19 0 critical, 0 high, 3 medium, 16 low + +Alternative image types +Base Image Vulnerabilities Severity +mongo:8.0.0-rc9 19 0 critical, 0 high, 3 medium, 16 low +mongo:8.0.0-rc9-jammy 19 0 critical, 0 high, 3 medium, 16 low +mongo:5.0.27-rc0-focal 19 0 critical, 0 high, 3 medium, 16 low +mongo:5.0.27-rc0 19 0 critical, 0 high, 3 medium, 16 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing mongo:5.0.24... + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/local/bin/gosu +Project name: github.com/tianon/gosu +Docker image: mongo:5.0.24 +Licenses: enabled + +✔ Tested 2 dependencies for known issues, no vulnerable paths found. + + +Tested 2 projects, 1 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/n5gehtoolsmqtt-gateway-api_latest.md b/Snyk/scan_results/n5gehtoolsmqtt-gateway-api_latest.md new file mode 100644 index 0000000..42e3440 --- /dev/null +++ b/Snyk/scan_results/n5gehtoolsmqtt-gateway-api_latest.md @@ -0,0 +1,908 @@ +**Scanning n5gehtoolsmqtt-gateway-api:latest** +``` + +Testing n5gehtoolsmqtt-gateway-api:latest... + +✗ Low severity vulnerability found in util-linux/libuuid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + +✗ Low severity vulnerability found in util-linux/libuuid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-6508628 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + Fixed in: 2.33.1-0.1+deb10u1 + +✗ Low severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: CVE-2023-39804 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + Fixed in: 1.30+dfsg-6+deb10u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Privilege Chaining + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-1569415 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-2407046 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Improper Validation of Array Index + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-2959398 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: CVE-2019-19244 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-535712 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537251 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: CVE-2019-19603 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537598 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Improper Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539769 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-5562379 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-565214 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: CVE-2020-13631 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570487 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-6139921 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 + Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 + From: pam/libpam0g@1.3.1-5 + From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 + From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 + and 11 more... + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-6048818 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-6190221 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-6592095 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-7151356 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-7411352 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + +✗ Low severity vulnerability found in lz4/liblz4-1 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 + Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 + From: lz4/liblz4-1@1.8.3-1+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > lz4/liblz4-1@1.8.3-1+deb10u1 + +✗ Low severity vulnerability found in libtasn1-6 + Description: CVE-2018-1000654 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 + Introduced through: libtasn1-6@4.13-3+deb10u1, apt@1.8.2.3 + From: libtasn1-6@4.13-3+deb10u1 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 > libtasn1-6@4.13-3+deb10u1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libseccomp/libseccomp2 + Description: CVE-2019-9893 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 + Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 + From: libseccomp/libseccomp2@2.3.3-4 + From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 + +✗ Low severity vulnerability found in libidn2/libidn2-0 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 + Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 + From: libidn2/libidn2-0@2.0.5-1+deb10u1 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 > libidn2/libidn2-0@2.0.5-1+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u10, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u10 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 + Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 + From: gnupg2/gpgv@2.2.12-1+deb10u2 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 + Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 + From: gnupg2/gpgv@2.2.12-1+deb10u2 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6617101 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + Fixed in: 2.28-10+deb10u3 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673956 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673957 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673966 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673971 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in gcc-8/libstdc++6 + Description: Insufficient Entropy + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Low severity vulnerability found in gcc-8/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Low severity vulnerability found in expat/libexpat1 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-358079 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6227595 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + +✗ Low severity vulnerability found in expat/libexpat1 + Description: CVE-2024-28757 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6420597 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + +✗ Low severity vulnerability found in e2fsprogs/libcom-err2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 + Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 + From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + and 5 more... + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 + Introduced through: coreutils@8.30-3 + From: coreutils@8.30-3 + +✗ Low severity vulnerability found in coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 + Introduced through: coreutils@8.30-3 + From: coreutils@8.30-3 + +✗ Low severity vulnerability found in bash + Description: Improper Check for Dropped Privileges + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 + Introduced through: bash@5.0-4 + From: bash@5.0-4 + +✗ Low severity vulnerability found in apt/libapt-pkg5.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 + Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 + From: apt/libapt-pkg5.0@1.8.2.3 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 + From: apt@1.8.2.3 + +✗ Medium severity vulnerability found in util-linux/libuuid1 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + Fixed in: 2.33.1-0.1+deb10u1 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + Fixed in: 241-7~deb10u10 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: CVE-2022-4415 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-5788323 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + Fixed in: 1.1.1n-0+deb10u6 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-5812635 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + Fixed in: 1.1.1n-0+deb10u6 + +✗ Medium severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + Fixed in: 6.1+20181013-2+deb10u4 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u10, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u10 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 + Fixed in: 3.6.7-4+deb10u11 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + Fixed in: 6.1+20181013-2+deb10u5 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + Fixed in: 6.1+20181013-2+deb10u5 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u10, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u10 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 + Fixed in: 3.6.7-4+deb10u12 + +✗ High severity vulnerability found in glibc/libc-bin + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ High severity vulnerability found in gcc-8/libstdc++6 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ High severity vulnerability found in expat/libexpat1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6227596 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + Fixed in: 2.2.6-2+deb10u7 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 + From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 + +✗ Critical severity vulnerability found in db5.3/libdb5.3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 + Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 + From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|n5gehtoolsmqtt-gateway-api +Docker image: n5gehtoolsmqtt-gateway-api:latest +Platform: linux/amd64 +Base image: python:3.10.12-slim-buster +Licenses: enabled + +Tested 93 dependencies for known issues, found 108 issues. + +Base Image Vulnerabilities Severity +python:3.10.12-slim-buster 108 2 critical, 7 high, 7 medium, 92 low + +Recommendations for base image upgrade: + +Alternative image types +Base Image Vulnerabilities Severity +python:3.13.0b2-slim 43 1 critical, 0 high, 0 medium, 42 low +python:3.12.4-slim-bookworm 47 1 critical, 0 high, 0 medium, 46 low +python:3.13.0b2-slim-bullseye 78 1 critical, 1 high, 0 medium, 76 low +python:3.13.0b2-bookworm 197 2 critical, 0 high, 0 medium, 195 low + +Debian 10 is no longer supported by the Debian maintainers. Vulnerability detection may be affected by a lack of security updates. + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing n5gehtoolsmqtt-gateway-api:latest... + +Tested 20 dependencies for known issues, found 12 issues. + + +Issues to fix by upgrading dependencies: + + Upgrade aiohttp@3.8.4 to aiohttp@3.9.4 to fix + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-5798483] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6057353] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091623] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Infinite loop [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + + Upgrade fastapi@0.98.0 to fastapi@0.109.1 to fix + ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-FASTAPI-6228055] in fastapi@0.98.0 + introduced by fastapi@0.98.0 + + Upgrade pydantic@1.10.7 to pydantic@1.10.13 to fix + ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5907722] in pydantic@1.10.7 + introduced by pydantic@1.10.7 and 1 other path(s) + ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5926694] in pydantic@1.10.7 + introduced by pydantic@1.10.7 and 1 other path(s) + + + +Organization: bhavdeep1304 +Package manager: pip +Target file: /app/requirements.txt +Project name: /app/requirements.txt +Docker image: n5gehtoolsmqtt-gateway-api:latest +Licenses: enabled + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test n5gehtoolsmqtt-gateway-api:latest --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 2 projects, 2 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/n5gehtoolsmqtt-gateway-frontend_latest.md b/Snyk/scan_results/n5gehtoolsmqtt-gateway-frontend_latest.md new file mode 100644 index 0000000..8d96003 --- /dev/null +++ b/Snyk/scan_results/n5gehtoolsmqtt-gateway-frontend_latest.md @@ -0,0 +1,108 @@ +**Scanning n5gehtoolsmqtt-gateway-frontend:latest** +``` + +Testing n5gehtoolsmqtt-gateway-frontend:latest... + +✗ Low severity vulnerability found in openssl/libcrypto3 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532 + Introduced through: openssl/libcrypto3@3.3.1-r0, apk-tools/apk-tools@2.14.4-r0, busybox/ssl_client@1.36.1-r29, openssl/libssl3@3.3.1-r0 + From: openssl/libcrypto3@3.3.1-r0 + From: apk-tools/apk-tools@2.14.4-r0 > openssl/libcrypto3@3.3.1-r0 + From: busybox/ssl_client@1.36.1-r29 > openssl/libcrypto3@3.3.1-r0 + and 4 more... + Fixed in: 3.3.1-r1 + + + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|n5gehtoolsmqtt-gateway-frontend +Docker image: n5gehtoolsmqtt-gateway-frontend:latest +Platform: linux/amd64 +Licenses: enabled + +Tested 16 dependencies for known issues, found 1 issue. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test n5gehtoolsmqtt-gateway-frontend:latest --file=path/to/Dockerfile + +To remove this message in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing n5gehtoolsmqtt-gateway-frontend:latest... + +Organization: bhavdeep1304 +Package manager: npm +Target file: /app/package.json +Project name: frontend +Docker image: n5gehtoolsmqtt-gateway-frontend:latest +Licenses: enabled + +✔ Tested n5gehtoolsmqtt-gateway-frontend:latest for known issues, no vulnerable paths found. + +------------------------------------------------------- + +Testing n5gehtoolsmqtt-gateway-frontend:latest... + +✗ Medium severity vulnerability found in golang.org/x/sys/unix + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442 + Introduced through: golang.org/x/sys/unix@v0.0.0-20220715151400-c0bba94af5f8 + From: golang.org/x/sys/unix@v0.0.0-20220715151400-c0bba94af5f8 + Fixed in: 0.1.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/local/lib/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild +Project name: github.com/evanw/esbuild +Docker image: n5gehtoolsmqtt-gateway-frontend:latest +Licenses: enabled + +Tested 1 dependencies for known issues, found 1 issue. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test n5gehtoolsmqtt-gateway-frontend:latest --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing n5gehtoolsmqtt-gateway-frontend:latest... + +✗ Medium severity vulnerability found in golang.org/x/sys/unix + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442 + Introduced through: golang.org/x/sys/unix@v0.0.0-20220715151400-c0bba94af5f8 + From: golang.org/x/sys/unix@v0.0.0-20220715151400-c0bba94af5f8 + Fixed in: 0.1.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /app/node_modules/@esbuild/linux-x64/bin/esbuild +Project name: github.com/evanw/esbuild +Docker image: n5gehtoolsmqtt-gateway-frontend:latest +Licenses: enabled + +Tested 1 dependencies for known issues, found 1 issue. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test n5gehtoolsmqtt-gateway-frontend:latest --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 4 projects, 3 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/n5gehtoolsmqtt-gateway-gateway_latest.md b/Snyk/scan_results/n5gehtoolsmqtt-gateway-gateway_latest.md new file mode 100644 index 0000000..f070be0 --- /dev/null +++ b/Snyk/scan_results/n5gehtoolsmqtt-gateway-gateway_latest.md @@ -0,0 +1,904 @@ +**Scanning n5gehtoolsmqtt-gateway-gateway:latest** +``` + +Testing n5gehtoolsmqtt-gateway-gateway:latest... + +✗ Low severity vulnerability found in util-linux/libuuid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + +✗ Low severity vulnerability found in util-linux/libuuid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-6508628 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + Fixed in: 2.33.1-0.1+deb10u1 + +✗ Low severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + +✗ Low severity vulnerability found in tar + Description: CVE-2023-39804 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 + Introduced through: tar@1.30+dfsg-6 + From: tar@1.30+dfsg-6 + Fixed in: 1.30+dfsg-6+deb10u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Privilege Chaining + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-1569415 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-2407046 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Improper Validation of Array Index + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-2959398 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: CVE-2019-19244 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-535712 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537251 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: CVE-2019-19603 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537598 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Improper Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539769 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-5562379 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-565214 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: CVE-2020-13631 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570487 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-6139921 + Introduced through: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + From: sqlite3/libsqlite3-0@3.27.2-3+deb10u2 + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 + Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 + From: shadow/passwd@1:4.5-1.1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 + From: shadow/login@1:4.5-1.1 + and 1 more... + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 + Introduced through: perl/perl-base@5.28.1-6+deb10u1 + From: perl/perl-base@5.28.1-6+deb10u1 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 + Introduced through: pcre3/libpcre3@2:8.39-12 + From: pcre3/libpcre3@2:8.39-12 + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 + Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 + From: pam/libpam0g@1.3.1-5 + From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 + From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 + and 11 more... + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-6048818 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-6190221 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-6592095 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-7151356 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-7411352 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + +✗ Low severity vulnerability found in lz4/liblz4-1 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 + Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 + From: lz4/liblz4-1@1.8.3-1+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > lz4/liblz4-1@1.8.3-1+deb10u1 + +✗ Low severity vulnerability found in libtasn1-6 + Description: CVE-2018-1000654 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 + Introduced through: libtasn1-6@4.13-3+deb10u1, apt@1.8.2.3 + From: libtasn1-6@4.13-3+deb10u1 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 > libtasn1-6@4.13-3+deb10u1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 + Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 + From: libsepol/libsepol1@2.8-1 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 + +✗ Low severity vulnerability found in libseccomp/libseccomp2 + Description: CVE-2019-9893 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 + Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 + From: libseccomp/libseccomp2@2.3.3-4 + From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 + +✗ Low severity vulnerability found in libidn2/libidn2-0 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 + Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 + From: libidn2/libidn2-0@2.0.5-1+deb10u1 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 > libidn2/libidn2-0@2.0.5-1+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 + Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 + From: libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 > libgcrypt20@1.8.4-5+deb10u1 + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u10, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u10 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 + Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 + From: gnupg2/gpgv@2.2.12-1+deb10u2 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 + Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 + From: gnupg2/gpgv@2.2.12-1+deb10u2 + From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6617101 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + Fixed in: 2.28-10+deb10u3 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673956 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673957 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673966 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673971 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ Low severity vulnerability found in gcc-8/libstdc++6 + Description: Insufficient Entropy + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Low severity vulnerability found in gcc-8/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ Low severity vulnerability found in expat/libexpat1 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-358079 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6227595 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + +✗ Low severity vulnerability found in expat/libexpat1 + Description: CVE-2024-28757 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6420597 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + +✗ Low severity vulnerability found in e2fsprogs/libcom-err2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 + Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 + From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 + and 5 more... + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 + Introduced through: coreutils@8.30-3 + From: coreutils@8.30-3 + +✗ Low severity vulnerability found in coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 + Introduced through: coreutils@8.30-3 + From: coreutils@8.30-3 + +✗ Low severity vulnerability found in bash + Description: Improper Check for Dropped Privileges + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 + Introduced through: bash@5.0-4 + From: bash@5.0-4 + +✗ Low severity vulnerability found in apt/libapt-pkg5.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 + Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 + From: apt/libapt-pkg5.0@1.8.2.3 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 + From: apt@1.8.2.3 + +✗ Medium severity vulnerability found in util-linux/libuuid1 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 + Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 + From: util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 + From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 + and 25 more... + Fixed in: 2.33.1-0.1+deb10u1 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + Fixed in: 241-7~deb10u10 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: CVE-2022-4415 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-5788323 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + Fixed in: 1.1.1n-0+deb10u6 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-5812635 + Introduced through: openssl/libssl1.1@1.1.1n-0+deb10u5, ca-certificates@20200601~deb10u2 + From: openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 > openssl/libssl1.1@1.1.1n-0+deb10u5 + From: ca-certificates@20200601~deb10u2 > openssl@1.1.1n-0+deb10u5 + Fixed in: 1.1.1n-0+deb10u6 + +✗ Medium severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + Fixed in: 6.1+20181013-2+deb10u4 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u10, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u10 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 + Fixed in: 3.6.7-4+deb10u11 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 + Introduced through: systemd/libsystemd0@241-7~deb10u9, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u9 + From: systemd/libsystemd0@241-7~deb10u9 + From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u9 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u9 + and 4 more... + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + Fixed in: 6.1+20181013-2+deb10u5 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 + Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, readline/libreadline7@7.0-5, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/ncurses-base@6.1+20181013-2+deb10u3 + From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + From: ncurses/libncursesw6@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 + and 8 more... + Fixed in: 6.1+20181013-2+deb10u5 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 + Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u10, apt@1.8.2.3 + From: gnutls28/libgnutls30@3.6.7-4+deb10u10 + From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u10 + Fixed in: 3.6.7-4+deb10u12 + +✗ High severity vulnerability found in glibc/libc-bin + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 + Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 + From: glibc/libc-bin@2.28-10+deb10u2 + From: glibc/libc6@2.28-10+deb10u2 + +✗ High severity vulnerability found in gcc-8/libstdc++6 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 + Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 + From: gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 + and 2 more... + +✗ High severity vulnerability found in expat/libexpat1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-EXPAT-6227596 + Introduced through: expat/libexpat1@2.2.6-2+deb10u6 + From: expat/libexpat1@2.2.6-2+deb10u6 + Fixed in: 2.2.6-2+deb10u7 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 + From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 + +✗ Critical severity vulnerability found in db5.3/libdb5.3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 + Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 + From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 + From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|n5gehtoolsmqtt-gateway-gateway +Docker image: n5gehtoolsmqtt-gateway-gateway:latest +Platform: linux/amd64 +Base image: python:3.10.12-slim-buster +Licenses: enabled + +Tested 93 dependencies for known issues, found 108 issues. + +Base Image Vulnerabilities Severity +python:3.10.12-slim-buster 108 2 critical, 7 high, 7 medium, 92 low + +Recommendations for base image upgrade: + +Alternative image types +Base Image Vulnerabilities Severity +python:3.13.0b2-slim 43 1 critical, 0 high, 0 medium, 42 low +python:3.12.4-slim-bookworm 47 1 critical, 0 high, 0 medium, 46 low +python:3.13.0b2-slim-bullseye 78 1 critical, 1 high, 0 medium, 76 low +python:3.13.0b2-bookworm 197 2 critical, 0 high, 0 medium, 195 low + +Debian 10 is no longer supported by the Debian maintainers. Vulnerability detection may be affected by a lack of security updates. + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing n5gehtoolsmqtt-gateway-gateway:latest... + +Tested 16 dependencies for known issues, found 11 issues. + + +Issues to fix by upgrading dependencies: + + Upgrade aiohttp@3.8.4 to aiohttp@3.9.4 to fix + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-5798483] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6057353] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091623] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209406] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6209407] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Cross-site Scripting (XSS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6645291] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + ✗ Infinite loop [High Severity][https://security.snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6808823] in aiohttp@3.8.4 + introduced by aiohttp@3.8.4 + + Upgrade pydantic@1.10.7 to pydantic@1.10.13 to fix + ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5907722] in pydantic@1.10.7 + introduced by pydantic@1.10.7 + ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5926694] in pydantic@1.10.7 + introduced by pydantic@1.10.7 + + + +Organization: bhavdeep1304 +Package manager: pip +Target file: /app/requirements.txt +Project name: /app/requirements.txt +Docker image: n5gehtoolsmqtt-gateway-gateway:latest +Licenses: enabled + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test n5gehtoolsmqtt-gateway-gateway:latest --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 2 projects, 2 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/orchestracities_quantumleap_0.8.3.md b/Snyk/scan_results/orchestracities_quantumleap_0.8.3.md new file mode 100644 index 0000000..9b8b953 --- /dev/null +++ b/Snyk/scan_results/orchestracities_quantumleap_0.8.3.md @@ -0,0 +1,595 @@ +**Scanning orchestracities/quantumleap:0.8.3** +``` + +Testing orchestracities/quantumleap:0.8.3... + +✗ Low severity vulnerability found in openssl/libcrypto1.1 + Description: Inadequate Encryption Strength + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1075736 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1j-r0 + +✗ Low severity vulnerability found in busybox/busybox + Description: ALPINE-13661 + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-2606933 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r22 + +✗ Medium severity vulnerability found in util-linux/libuuid + Description: Files or Directories Accessible to External Parties + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-UTILLINUX-2393736 + Introduced through: util-linux/libuuid@2.35.2-r0, .python-rundeps@20200804.041307 + From: util-linux/libuuid@2.35.2-r0 + From: .python-rundeps@20200804.041307 > util-linux/libuuid@2.35.2-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.37.3-r0 + +✗ Medium severity vulnerability found in util-linux/libuuid + Description: Files or Directories Accessible to External Parties + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-UTILLINUX-2393737 + Introduced through: util-linux/libuuid@2.35.2-r0, .python-rundeps@20200804.041307 + From: util-linux/libuuid@2.35.2-r0 + From: .python-rundeps@20200804.041307 > util-linux/libuuid@2.35.2-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.37.3-r0 + +✗ Medium severity vulnerability found in util-linux/libuuid + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-UTILLINUX-2401803 + Introduced through: util-linux/libuuid@2.35.2-r0, .python-rundeps@20200804.041307 + From: util-linux/libuuid@2.35.2-r0 + From: .python-rundeps@20200804.041307 > util-linux/libuuid@2.35.2-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.37.4-r0 + +✗ Medium severity vulnerability found in sqlite/sqlite-libs + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-SQLITE-1300270 + Introduced through: sqlite/sqlite-libs@3.32.1-r0, .python-rundeps@20200804.041307 + From: sqlite/sqlite-libs@3.32.1-r0 + From: .python-rundeps@20200804.041307 > sqlite/sqlite-libs@3.32.1-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 3.32.1-r1 + +✗ Medium severity vulnerability found in sqlite/sqlite-libs + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-SQLITE-1300271 + Introduced through: sqlite/sqlite-libs@3.32.1-r0, .python-rundeps@20200804.041307 + From: sqlite/sqlite-libs@3.32.1-r0 + From: .python-rundeps@20200804.041307 > sqlite/sqlite-libs@3.32.1-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 3.32.1-r1 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1050745 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1i-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1075734 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1j-r0 + +✗ Medium severity vulnerability found in openssl/libcrypto1.1 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1089237 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1k-r0 + +✗ Medium severity vulnerability found in musl/musl-utils + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-MUSL-1042762 + Introduced through: musl/musl-utils@1.1.24-r8, libc-dev/libc-utils@0.7.2-r3, musl/musl@1.1.24-r9 + From: musl/musl-utils@1.1.24-r8 + From: libc-dev/libc-utils@0.7.2-r3 > musl/musl-utils@1.1.24-r8 + From: musl/musl@1.1.24-r9 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.1.24-r10 + +✗ Medium severity vulnerability found in krb5/krb5-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-KRB5-2432004 + Introduced through: krb5/krb5-libs@1.18.2-r0, krb5-conf/krb5-conf@1.0-r2, libtirpc/libtirpc@1.2.6-r0 + From: krb5/krb5-libs@1.18.2-r0 + From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.18.2-r0 + From: libtirpc/libtirpc@1.2.6-r0 > krb5/krb5-libs@1.18.2-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.18.5-r0 + +✗ Medium severity vulnerability found in expat/expat + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407751 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r2 + +✗ Medium severity vulnerability found in curl/libcurl + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804930 + Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 + From: curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 + Image layer: 'apk --no-cache add curl' + Fixed in: 7.79.1-r1 + +✗ Medium severity vulnerability found in curl/libcurl + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804936 + Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 + From: curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 + Image layer: 'apk --no-cache add curl' + Fixed in: 7.79.1-r1 + +✗ Medium severity vulnerability found in busybox/busybox + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920717 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in zlib/zlib + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-ZLIB-2434421 + Introduced through: zlib/zlib@1.2.11-r3, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 + From: zlib/zlib@1.2.11-r3 + From: .python-rundeps@20200804.041307 > zlib/zlib@1.2.11-r3 + From: apk-tools/apk-tools@2.10.5-r1 > zlib/zlib@1.2.11-r3 + and 2 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.2.12-r0 + +✗ High severity vulnerability found in xz/xz-libs + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-XZ-2445105 + Introduced through: xz/xz-libs@5.2.5-r0, .python-rundeps@20200804.041307 + From: xz/xz-libs@5.2.5-r0 + From: .python-rundeps@20200804.041307 > xz/xz-libs@5.2.5-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 5.2.5-r1 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1075735 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1j-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1089238 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1k-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1569450 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1l-r0 + +✗ High severity vulnerability found in openssl/libcrypto1.1 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-2426332 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1n-r0 + +✗ High severity vulnerability found in ncurses/ncurses-libs + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-NCURSES-2313024 + Introduced through: ncurses/ncurses-libs@6.2_p20200523-r0, readline/readline@8.0.4-r0, .python-rundeps@20200804.041307, ncurses/ncurses-terminfo-base@6.2_p20200523-r0 + From: ncurses/ncurses-libs@6.2_p20200523-r0 + From: readline/readline@8.0.4-r0 > ncurses/ncurses-libs@6.2_p20200523-r0 + From: .python-rundeps@20200804.041307 > ncurses/ncurses-libs@6.2_p20200523-r0 + and 2 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 6.2_p20200523-r1 + +✗ High severity vulnerability found in krb5/krb5-libs + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-KRB5-1043934 + Introduced through: krb5/krb5-libs@1.18.2-r0, krb5-conf/krb5-conf@1.0-r2, libtirpc/libtirpc@1.2.6-r0 + From: krb5/krb5-libs@1.18.2-r0 + From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.18.2-r0 + From: libtirpc/libtirpc@1.2.6-r0 > krb5/krb5-libs@1.18.2-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.18.3-r0 + +✗ High severity vulnerability found in krb5/krb5-libs + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-KRB5-1533463 + Introduced through: krb5/krb5-libs@1.18.2-r0, krb5-conf/krb5-conf@1.0-r2, libtirpc/libtirpc@1.2.6-r0 + From: krb5/krb5-libs@1.18.2-r0 + From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.18.2-r0 + From: libtirpc/libtirpc@1.2.6-r0 > krb5/krb5-libs@1.18.2-r0 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.18.4-r0 + +✗ High severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342149 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ High severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342151 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ High severity vulnerability found in expat/expat + Description: Incorrect Calculation + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342155 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ High severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342156 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ High severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342159 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ High severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2406623 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r1 + +✗ High severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407745 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r2 + +✗ High severity vulnerability found in curl/libcurl + Description: Missing Authentication for Critical Function + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804929 + Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 + From: curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 + Image layer: 'apk --no-cache add curl' + Fixed in: 7.79.1-r1 + +✗ High severity vulnerability found in curl/libcurl + Description: CVE-2022-27775 + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804935 + Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 + From: curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 + From: curl/curl@7.79.1-r0 + Image layer: 'apk --no-cache add curl' + Fixed in: 7.79.1-r1 + +✗ High severity vulnerability found in busybox/busybox + Description: Improper Handling of Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1089799 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r20 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920710 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920711 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920712 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920729 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920730 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920731 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920739 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920754 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920758 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r21 + +✗ High severity vulnerability found in busybox/busybox + Description: CVE-2022-28391 + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-2440610 + Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 + From: busybox/busybox@1.31.1-r16 + From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 + From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 + and 1 more... + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 1.31.1-r22 + +✗ High severity vulnerability found in apk-tools/apk-tools + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1246338 + Introduced through: apk-tools/apk-tools@2.10.5-r1 + From: apk-tools/apk-tools@2.10.5-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.10.6-r0 + +✗ Critical severity vulnerability found in zlib/zlib + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-ZLIB-2977082 + Introduced through: zlib/zlib@1.2.11-r3, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 + From: zlib/zlib@1.2.11-r3 + From: .python-rundeps@20200804.041307 > zlib/zlib@1.2.11-r3 + From: apk-tools/apk-tools@2.10.5-r1 > zlib/zlib@1.2.11-r3 + and 2 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.2.12-r2 + +✗ Critical severity vulnerability found in openssl/libcrypto1.1 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1569452 + Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 + From: openssl/libcrypto1.1@1.1.1g-r0 + From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 + From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 + and 11 more... + Image layer: 'apk --no-cache add curl' + Fixed in: 1.1.1l-r0 + +✗ Critical severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342150 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ Critical severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342157 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ Critical severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342158 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r0 + +✗ Critical severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2406624 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r1 + +✗ Critical severity vulnerability found in expat/expat + Description: Exposure of Resource to Wrong Sphere + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407740 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r2 + +✗ Critical severity vulnerability found in expat/expat + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407741 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r2 + +✗ Critical severity vulnerability found in expat/expat + Description: Improper Encoding or Escaping of Output + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407742 + Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 + From: expat/expat@2.2.9-r1 + From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.2.10-r2 + +✗ Critical severity vulnerability found in apk-tools/apk-tools + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1533753 + Introduced through: apk-tools/apk-tools@2.10.5-r1 + From: apk-tools/apk-tools@2.10.5-r1 + Image layer: Introduced by your base image (python:3.8.5-alpine3.12) + Fixed in: 2.10.7-r0 + + + +Organization: bhavdeep1304 +Package manager: apk +Project name: docker-image|orchestracities/quantumleap +Docker image: orchestracities/quantumleap:0.8.3 +Platform: linux/amd64 +Base image: python:3.8.5-alpine3.12 +Licenses: enabled + +Tested 38 dependencies for known issues, found 56 issues. + +Base Image Vulnerabilities Severity +python:3.8.5-alpine3.12 52 10 critical, 28 high, 12 medium, 2 low + +Recommendations for base image upgrade: + +Alternative image types +Base Image Vulnerabilities Severity +python:3.13.0b2-slim 43 1 critical, 0 high, 0 medium, 42 low +python:3.12.4-slim-bookworm 47 1 critical, 0 high, 0 medium, 46 low +python:3.13.0b2-slim-bullseye 78 1 critical, 1 high, 0 medium, 76 low +python:3.13.0b2-bookworm 197 2 critical, 0 high, 0 medium, 195 low + +Alpine 3.12.0 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates. + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` diff --git a/Snyk/scan_results/portainer_portainer-ce_2.19.4.md b/Snyk/scan_results/portainer_portainer-ce_2.19.4.md new file mode 100644 index 0000000..be7c0f5 --- /dev/null +++ b/Snyk/scan_results/portainer_portainer-ce_2.19.4.md @@ -0,0 +1,320 @@ +**Scanning portainer/portainer-ce:2.19.4** +``` + +Testing portainer/portainer-ce:2.19.4... + +Organization: bhavdeep1304 +Package manager: linux +Project name: docker-image|portainer/portainer-ce +Docker image: portainer/portainer-ce:2.19.4 +Platform: linux/amd64 +Licenses: enabled + +✔ Tested portainer/portainer-ce:2.19.4 for known issues, no vulnerable paths found. + +Note that we do not currently have vulnerability data for your image. + +------------------------------------------------------- + +Testing portainer/portainer-ce:2.19.4... + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 + Introduced through: golang.org/x/net/http2@v0.8.0 + From: golang.org/x/net/http2@v0.8.0 + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/crypto/ssh + Description: Authentication Bypass by Capture-replay + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 + Introduced through: golang.org/x/crypto/ssh@v0.7.0 + From: golang.org/x/crypto/ssh@v0.7.0 + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/crypto/acme/autocert + Description: Path Traversal + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOACMEAUTOCERT-7416897 + Introduced through: golang.org/x/crypto/acme/autocert@v0.7.0 + From: golang.org/x/crypto/acme/autocert@v0.7.0 + Fixed in: 0.24.0 + +✗ Medium severity vulnerability found in github.com/go-git/go-git/v5/plumbing + Description: Uncontrolled Resource Consumption ('Resource Exhaustion') + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-6140319 + Introduced through: github.com/go-git/go-git/v5/plumbing@v5.3.0 + From: github.com/go-git/go-git/v5/plumbing@v5.3.0 + Fixed in: 5.11.0 + +✗ Medium severity vulnerability found in github.com/docker/distribution/registry/api/v2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDOCKERDISTRIBUTIONREGISTRYAPIV2-5885037 + Introduced through: github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible + From: github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible + Fixed in: 2.8.2-beta.1 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 + Introduced through: golang.org/x/net/http2@v0.8.0 + From: golang.org/x/net/http2@v0.8.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 + Introduced through: golang.org/x/net/http2@v0.8.0 + From: golang.org/x/net/http2@v0.8.0 + Fixed in: 0.23.0 + +✗ High severity vulnerability found in github.com/containers/image/v5/docker + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERSIMAGEV5DOCKER-6828757 + Introduced through: github.com/containers/image/v5/docker@v5.25.0 + From: github.com/containers/image/v5/docker@v5.25.0 + Fixed in: 5.30.1 + +✗ Critical severity vulnerability found in github.com/go-git/go-git/v5 + Description: Path Traversal + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5-6150754 + Introduced through: github.com/go-git/go-git/v5@v5.3.0 + From: github.com/go-git/go-git/v5@v5.3.0 + Fixed in: 5.11.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /portainer +Project name: github.com/portainer/portainer/api +Docker image: portainer/portainer-ce:2.19.4 +Licenses: enabled + +Tested 587 dependencies for known issues, found 9 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing portainer/portainer-ce:2.19.4... + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 + Introduced through: golang.org/x/net/http2@v0.7.0 + From: golang.org/x/net/http2@v0.7.0 + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/net/html + Description: Cross-site Scripting (XSS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-5816820 + Introduced through: golang.org/x/net/html@v0.7.0 + From: golang.org/x/net/html@v0.7.0 + Fixed in: 0.13.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 + Introduced through: golang.org/x/net/http2@v0.7.0 + From: golang.org/x/net/http2@v0.7.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 + Introduced through: golang.org/x/net/http2@v0.7.0 + From: golang.org/x/net/http2@v0.7.0 + Fixed in: 0.23.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /kubectl +Project name: k8s.io/kubernetes +Docker image: portainer/portainer-ce:2.19.4 +Licenses: enabled + +Tested 230 dependencies for known issues, found 4 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing portainer/portainer-ce:2.19.4... + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 + Introduced through: golang.org/x/net/http2@v0.8.0 + From: golang.org/x/net/http2@v0.8.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 + Introduced through: golang.org/x/net/http2@v0.8.0 + From: golang.org/x/net/http2@v0.8.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 + Introduced through: golang.org/x/net/http2@v0.8.0 + From: golang.org/x/net/http2@v0.8.0 + Fixed in: 0.23.0 + +✗ High severity vulnerability found in github.com/cyphar/filepath-securejoin + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCYPHARFILEPATHSECUREJOIN-5889602 + Introduced through: github.com/cyphar/filepath-securejoin@v0.2.3 + From: github.com/cyphar/filepath-securejoin@v0.2.3 + Fixed in: 0.2.4 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /helm +Project name: helm.sh/helm/v3 +Docker image: portainer/portainer-ce:2.19.4 +Licenses: enabled + +Tested 619 dependencies for known issues, found 4 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing portainer/portainer-ce:2.19.4... + +✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json + Description: Infinite loop + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 + Introduced through: google.golang.org/protobuf/internal/encoding/json@v1.30.0 + From: google.golang.org/protobuf/internal/encoding/json@v1.30.0 + Fixed in: 1.33.0 + +✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson + Description: Stack-based Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 + Introduced through: google.golang.org/protobuf/encoding/protojson@v1.30.0 + From: google.golang.org/protobuf/encoding/protojson@v1.30.0 + Fixed in: 1.32.0 + +✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson + Description: Infinite loop + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 + Introduced through: google.golang.org/protobuf/encoding/protojson@v1.30.0 + From: google.golang.org/protobuf/encoding/protojson@v1.30.0 + Fixed in: 1.33.0 + +✗ Medium severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 + Introduced through: golang.org/x/net/http2@v0.9.0 + From: golang.org/x/net/http2@v0.9.0 + Fixed in: 0.17.0 + +✗ Medium severity vulnerability found in golang.org/x/crypto/ssh + Description: Authentication Bypass by Capture-replay + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 + Introduced through: golang.org/x/crypto/ssh@v0.7.0 + From: golang.org/x/crypto/ssh@v0.7.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in google.golang.org/grpc + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 + Introduced through: google.golang.org/grpc@v1.56.2 + From: google.golang.org/grpc@v1.56.2 + Fixed in: 1.56.3, 1.57.1, 1.58.3 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Denial of Service (DoS) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 + Introduced through: golang.org/x/net/http2@v0.9.0 + From: golang.org/x/net/http2@v0.9.0 + Fixed in: 0.17.0 + +✗ High severity vulnerability found in golang.org/x/net/http2 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 + Introduced through: golang.org/x/net/http2@v0.9.0 + From: golang.org/x/net/http2@v0.9.0 + Fixed in: 0.23.0 + +✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPOTELHTTP-5963583 + Introduced through: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 + From: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 + Fixed in: 0.44.0 + +✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPOTELHTTP-5971109 + Introduced through: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 + From: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 + Fixed in: 0.44.0 + +✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPHTTPTRACEOTELHTTPTRACE-5971114 + Introduced through: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.40.0 + From: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.40.0 + Fixed in: 0.44.0 + +✗ High severity vulnerability found in github.com/moby/buildkit/util/entitlements + Description: Improper Handling of Insufficient Privileges (Leaky Vessels) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMOBYBUILDKITUTILENTITLEMENTS-6209364 + Introduced through: github.com/moby/buildkit/util/entitlements@v0.12.1-0.20230717122532-faa0cc7da353 + From: github.com/moby/buildkit/util/entitlements@v0.12.1-0.20230717122532-faa0cc7da353 + Fixed in: 0.12.5 + +✗ High severity vulnerability found in github.com/moby/buildkit/client + Description: Improper Handling of Insufficient Privileges (Leaky Vessels) + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMOBYBUILDKITCLIENT-6209355 + Introduced through: github.com/moby/buildkit/client@v0.12.1-0.20230717122532-faa0cc7da353 + From: github.com/moby/buildkit/client@v0.12.1-0.20230717122532-faa0cc7da353 + Fixed in: 0.12.5 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /docker-compose +Project name: github.com/docker/compose/v2 +Docker image: portainer/portainer-ce:2.19.4 +Licenses: enabled + +Tested 755 dependencies for known issues, found 13 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 5 projects, 4 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/postgres_15.2.md b/Snyk/scan_results/postgres_15.2.md new file mode 100644 index 0000000..47c7458 --- /dev/null +++ b/Snyk/scan_results/postgres_15.2.md @@ -0,0 +1,1068 @@ +**Scanning postgres:15.2** +``` + +Testing postgres:15.2... + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081 + Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 + From: util-linux/libblkid1@2.36.1-8+deb11u1 + From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 + From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 + and 15 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-6508632 + Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 + From: util-linux/libblkid1@2.36.1-8+deb11u1 + From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 + From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 + and 15 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.36.1-8+deb11u2 + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-523480 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in tar + Description: CVE-2023-39804 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-6120424 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.34+dfsg-1+deb11u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733387 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733391 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733392 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6137713 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277512 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-1569419 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-2407045 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Improper Validation of Array Index + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-2959400 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-5562381 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in sqlite3/libsqlite3-0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-6139925 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5423922 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5879152 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in perl/libperl5.32 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976 + Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 + From: perl/libperl5.32@5.32.1-4+deb11u2 + From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 + From: perl/perl-modules-5.32@5.32.1-4+deb11u2 + and 4 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in perl/libperl5.32 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-532614 + Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 + From: perl/libperl5.32@5.32.1-4+deb11u2 + From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 + From: perl/perl-modules-5.32@5.32.1-4+deb11u2 + and 4 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in perl/libperl5.32 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489185 + Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 + From: perl/libperl5.32@5.32.1-4+deb11u2 + From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 + From: perl/perl-modules-5.32@5.32.1-4+deb11u2 + and 4 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in perl/libperl5.32 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489191 + Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 + From: perl/libperl5.32@5.32.1-4+deb11u2 + From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 + From: perl/perl-modules-5.32@5.32.1-4+deb11u2 + and 4 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pcre2/libpcre2-8-0 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-5788325 + Introduced through: pcre2/libpcre2-8-0@10.36-2+deb11u1 + From: pcre2/libpcre2-8-0@10.36-2+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PAM-6178915 + Introduced through: postgresql-15@15.2-1.pgdg110+1, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, pam/libpam-runtime@1.4.0-9+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > pam/libpam0g@1.4.0-9+deb11u1 + From: shadow/login@1:4.8.1-1 > pam/libpam0g@1.4.0-9+deb11u1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > pam/libpam0g@1.4.0-9+deb11u1 + and 9 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6048819 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6190224 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6592093 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7151355 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7411351 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-521320 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531344 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Cryptographic Issues + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531747 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-5660622 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-584937 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6123820 + Introduced through: bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, ncurses/ncurses-base@6.2+20201114-2+deb11u1 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + From: ncurses/ncurses-bin@6.2+20201114-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > llvm-toolchain-11/libllvm11@1:11.0.1-2 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + and 8 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6252771 + Introduced through: bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, ncurses/ncurses-base@6.2+20201114-2+deb11u1 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + From: ncurses/ncurses-bin@6.2+20201114-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > llvm-toolchain-11/libllvm11@1:11.0.1-2 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + and 8 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libzstd/libzstd1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBZSTD-5406388 + Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, libzstd/zstd@1.4.8+dfsg-2.1 + From: postgresql-15@15.2-1.pgdg110+1 > libzstd/libzstd1@1.4.8+dfsg-2.1 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libzstd/libzstd1@1.4.8+dfsg-2.1 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libzstd/libzstd1@1.4.8+dfsg-2.1 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxslt/libxslt1.1 + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXSLT-514942 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxml2 + Description: Cross-site Scripting (XSS) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-2964223 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxml2 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-5747746 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxml2 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-5871334 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-5947664 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxml2 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-6227804 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libxml2 + Description: CVE-2024-34459 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-6839381 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892 + Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 + and 9 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947 + Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 + and 9 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-6405987 + Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 + and 9 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in krb5/libkrb5-3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in krb5/libkrb5-3 + Description: CVE-2024-26462 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277413 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in krb5/libkrb5-3 + Description: CVE-2024-26461 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277418 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in krb5/libkrb5-3 + Description: CVE-2024-26458 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277420 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in krb5/libkrb5-3 + Description: CVE-2024-37371 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.18.3-6+deb11u5 + +✗ Low severity vulnerability found in krb5/libkrb5-3 + Description: CVE-2024-37370 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411320 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.18.3-6+deb11u5 + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Uncaught Exception + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474582 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474587 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-3330745 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnupg2/gpgconf@2.2.27-2+deb11u2 + and 17 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in glibc/libc6 + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6617104 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.31-13+deb11u9 + +✗ Low severity vulnerability found in glibc/libc6 + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673955 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc6 + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673958 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc6 + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673967 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc6 + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673973 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in gcc-9/gcc-9-base + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC9-5901306 + Introduced through: gcc-9/gcc-9-base@9.3.0-22 + From: gcc-9/gcc-9-base@9.3.0-22 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in gcc-10/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC10-5901313 + Introduced through: apt@2.2.4, libzstd/zstd@1.4.8+dfsg-2.1, postgresql-15@15.2-1.pgdg110+1, gcc-10/gcc-10-base@10.2.1-6, gcc-10/libgcc-s1@10.2.1-6 + From: apt@2.2.4 > gcc-10/libstdc++6@10.2.1-6 + From: libzstd/zstd@1.4.8+dfsg-2.1 > gcc-10/libstdc++6@10.2.1-6 + From: postgresql-15@15.2-1.pgdg110+1 > gcc-10/libstdc++6@10.2.1-6 + and 6 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in e2fsprogs/libext2fs2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459 + Introduced through: e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2, e2fsprogs/libcom-err2@1.46.2-2 + From: e2fsprogs/libext2fs2@1.46.2-2 + From: e2fsprogs@1.46.2-2 > e2fsprogs/libext2fs2@1.46.2-2 + From: e2fsprogs/libss2@1.46.2-2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in db5.3/libdb5.3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168 + Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, gnupg2/gnupg@2.2.27-2+deb11u2 + From: perl/libperl5.32@5.32.1-4+deb11u2 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1+deb11u1 > cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in coreutils/coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-common@248.pgdg110+1 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in coreutils/coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269 + Introduced through: postgresql-15@15.2-1.pgdg110+1 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-common@248.pgdg110+1 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in bash + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361 + Introduced through: bash@5.1-2+deb11u1 + From: bash@5.1-2+deb11u1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Low severity vulnerability found in apt/libapt-pkg6.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-APT-522585 + Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4 + From: apt/libapt-pkg6.0@2.2.4 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 + From: apt@2.2.4 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ Medium severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.34+dfsg-1+deb11u1 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5788324 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.1.1v-0~deb11u1 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5812634 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.1.1v-0~deb11u1 + +✗ Medium severity vulnerability found in krb5/libkrb5-3 + Description: Access of Uninitialized Pointer + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-5825661 + Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.18.3-6+deb11u4 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6062102 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 3.7.1-5+deb11u4 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510 + Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 + and 5 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + +✗ High severity vulnerability found in perl/libperl5.32 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272 + Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 + From: perl/libperl5.32@5.32.1-4+deb11u2 + From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 + From: perl/perl-modules-5.32@5.32.1-4+deb11u2 + and 4 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 5.32.1-4+deb11u3 + +✗ High severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 + Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 + From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 1.1.1n-0+deb11u5 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197 + Introduced through: bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, ncurses/ncurses-base@6.2+20201114-2+deb11u1 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + From: ncurses/ncurses-bin@6.2+20201114-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + From: postgresql-15@15.2-1.pgdg110+1 > llvm-toolchain-11/libllvm11@1:11.0.1-2 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 + and 8 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 6.2+20201114-2+deb11u2 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159417 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 3.7.1-5+deb11u5 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159419 + Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 3.7.1-5+deb11u5 + +✗ High severity vulnerability found in glibc/libc6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133 + Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 + From: glibc/libc6@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 + From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 + and 2 more... + Image layer: Introduced by your base image (postgres:15.2-bullseye) + Fixed in: 2.31-13+deb11u7 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 + From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 + Image layer: Introduced by your base image (postgres:15.2-bullseye) + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|postgres +Docker image: postgres:15.2 +Platform: linux/amd64 +Base image: postgres:15.2-bullseye +Licenses: enabled + +Tested 146 dependencies for known issues, found 107 issues. + +Base Image Vulnerabilities Severity +postgres:15.2-bullseye 107 1 critical, 7 high, 8 medium, 91 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +postgres:15.7-bullseye 93 1 critical, 1 high, 0 medium, 91 low + +Major upgrades +Base Image Vulnerabilities Severity +postgres:17beta2-bullseye 93 1 critical, 1 high, 0 medium, 91 low + +Alternative image types +Base Image Vulnerabilities Severity +postgres:15.7-bookworm 58 1 critical, 0 high, 0 medium, 57 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + +------------------------------------------------------- + +Testing postgres:15.2... + +✗ Medium severity vulnerability found in golang.org/x/sys/unix + Description: Incorrect Privilege Assignment + Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442 + Introduced through: golang.org/x/sys/unix@v0.0.0-20220907062415-87db552b00fd + From: golang.org/x/sys/unix@v0.0.0-20220907062415-87db552b00fd + Fixed in: 0.1.0 + + + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/local/bin/gosu +Project name: github.com/tianon/gosu +Docker image: postgres:15.2 +Licenses: enabled + +Tested 3 dependencies for known issues, found 1 issue. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test postgres:15.2 --file=path/to/Dockerfile + +Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. + +To remove these messages in the future, please run `snyk config set disableSuggestions=true` + + +Tested 2 projects, 2 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/redis_7.0.md b/Snyk/scan_results/redis_7.0.md new file mode 100644 index 0000000..a726b17 --- /dev/null +++ b/Snyk/scan_results/redis_7.0.md @@ -0,0 +1,321 @@ +**Scanning redis:7.0** +``` + +Testing redis:7.0... + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-UTILLINUX-2401083 + Introduced through: util-linux/libblkid1@2.38.1-5+deb12u1, e2fsprogs@1.47.0-2, util-linux/libmount1@2.38.1-5+deb12u1, util-linux@2.38.1-5+deb12u1, util-linux/mount@2.38.1-5+deb12u1, util-linux/libuuid1@2.38.1-5+deb12u1, util-linux/libsmartcols1@2.38.1-5+deb12u1, util-linux/util-linux-extra@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1 + From: util-linux/libblkid1@2.38.1-5+deb12u1 + From: e2fsprogs@1.47.0-2 > util-linux/libblkid1@2.38.1-5+deb12u1 + From: util-linux/libmount1@2.38.1-5+deb12u1 > util-linux/libblkid1@2.38.1-5+deb12u1 + and 17 more... + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TAR-1560620 + Introduced through: tar@1.34+dfsg-1.2+deb12u1, dash@0.5.12-2 + From: tar@1.34+dfsg-1.2+deb12u1 + From: dash@0.5.12-2 > dpkg@1.21.22 > tar@1.34+dfsg-1.2+deb12u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-1560739 + Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 + From: systemd/libsystemd0@252.26-1~deb12u2 + From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 + and 5 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733385 + Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 + From: systemd/libsystemd0@252.26-1~deb12u2 + From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 + and 5 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733390 + Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 + From: systemd/libsystemd0@252.26-1~deb12u2 + From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 + and 5 more... + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733398 + Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 + From: systemd/libsystemd0@252.26-1~deb12u2 + From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 + From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 + and 5 more... + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559391 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559403 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5423923 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5879156 + Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 + From: shadow/passwd@1:4.13+dfsg1-1+b1 + From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 + From: shadow/login@1:4.13+dfsg1-1+b1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-1556505 + Introduced through: perl/perl-base@5.36.0-7+deb12u1 + From: perl/perl-base@5.36.0-7+deb12u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184 + Introduced through: perl/perl-base@5.36.0-7+deb12u1 + From: perl/perl-base@5.36.0-7+deb12u1 + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489190 + Introduced through: perl/perl-base@5.36.0-7+deb12u1 + From: perl/perl-base@5.36.0-7+deb12u1 + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PAM-6178914 + Introduced through: pam/libpam0g@1.5.2-6+deb12u1, shadow/login@1:4.13+dfsg1-1+b1, util-linux@2.38.1-5+deb12u1, adduser@3.134, pam/libpam-modules-bin@1.5.2-6+deb12u1, pam/libpam-modules@1.5.2-6+deb12u1, pam/libpam-runtime@1.5.2-6+deb12u1 + From: pam/libpam0g@1.5.2-6+deb12u1 + From: shadow/login@1:4.13+dfsg1-1+b1 > pam/libpam0g@1.5.2-6+deb12u1 + From: util-linux@2.38.1-5+deb12u1 > pam/libpam0g@1.5.2-6+deb12u1 + and 11 more... + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6592092 + Introduced through: openssl/libssl3@3.0.13-1~deb12u1 + From: openssl/libssl3@3.0.13-1~deb12u1 + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-4603 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6861561 + Introduced through: openssl/libssl3@3.0.13-1~deb12u1 + From: openssl/libssl3@3.0.13-1~deb12u1 + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7151359 + Introduced through: openssl/libssl3@3.0.13-1~deb12u1 + From: openssl/libssl3@3.0.13-1~deb12u1 + +✗ Low severity vulnerability found in openssl/libssl3 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7411350 + Introduced through: openssl/libssl3@3.0.13-1~deb12u1 + From: openssl/libssl3@3.0.13-1~deb12u1 + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6123823 + Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b7, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 + From: ncurses/libtinfo6@6.4-4 + From: bash/bash@5.2.15-2+b7 > ncurses/libtinfo6@6.4-4 + From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 + and 3 more... + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6252773 + Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b7, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 + From: ncurses/libtinfo6@6.4-4 + From: bash/bash@5.2.15-2+b7 > ncurses/libtinfo6@6.4-4 + From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 + and 3 more... + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-1550206 + Introduced through: libgcrypt20@1.10.1-3, apt@2.6.1 + From: libgcrypt20@1.10.1-3 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 + From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 + and 1 more... + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-6405981 + Introduced through: libgcrypt20@1.10.1-3, apt@2.6.1 + From: libgcrypt20@1.10.1-3 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 + From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 + and 1 more... + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-1547121 + Introduced through: gnutls28/libgnutls30@3.7.9-2+deb12u3, apt@2.6.1 + From: gnutls28/libgnutls30@3.7.9-2+deb12u3 + From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u3 + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUPG2-3330747 + Introduced through: gnupg2/gpgv@2.2.40-1.1, apt@2.6.1 + From: gnupg2/gpgv@2.2.40-1.1 + From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1546991 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547039 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547069 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547135 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547293 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547373 + Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 + From: glibc/libc-bin@2.36-9+deb12u7 + From: glibc/libc6@2.36-9+deb12u7 + +✗ Low severity vulnerability found in gcc-12/libstdc++6 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-2606941 + Introduced through: gcc-12/libstdc++6@12.2.0-14, apt@2.6.1, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 + From: gcc-12/libstdc++6@12.2.0-14 + From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > gcc-12/libstdc++6@12.2.0-14 + and 2 more... + +✗ Low severity vulnerability found in gcc-12/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-5901316 + Introduced through: gcc-12/libstdc++6@12.2.0-14, apt@2.6.1, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 + From: gcc-12/libstdc++6@12.2.0-14 + From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > gcc-12/libstdc++6@12.2.0-14 + and 2 more... + +✗ Low severity vulnerability found in coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543939 + Introduced through: coreutils@9.1-1 + From: coreutils@9.1-1 + +✗ Low severity vulnerability found in coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543947 + Introduced through: coreutils@9.1-1 + From: coreutils@9.1-1 + +✗ Low severity vulnerability found in apt/libapt-pkg6.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-APT-1541449 + Introduced through: apt/libapt-pkg6.0@2.6.1, apt@2.6.1 + From: apt/libapt-pkg6.0@2.6.1 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 + From: apt@2.6.1 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963 + Introduced through: zlib/zlib1g@1:1.2.13.dfsg-1, util-linux@2.38.1-5+deb12u1, apt@2.6.1, dash@0.5.12-2 + From: zlib/zlib1g@1:1.2.13.dfsg-1 + From: util-linux@2.38.1-5+deb12u1 > zlib/zlib1g@1:1.2.13.dfsg-1 + From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > zlib/zlib1g@1:1.2.13.dfsg-1 + and 2 more... + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|redis +Docker image: redis:7.0 +Platform: linux/amd64 +Licenses: enabled + +Tested 89 dependencies for known issues, found 37 issues. + +Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. +Example: $ snyk container test redis:7.0 --file=path/to/Dockerfile + +To remove this message in the future, please run `snyk config set disableSuggestions=true` + +------------------------------------------------------- + +Testing redis:7.0... + +Organization: bhavdeep1304 +Package manager: gomodules +Target file: /usr/local/bin/gosu +Project name: github.com/tianon/gosu +Docker image: redis:7.0 +Licenses: enabled + +✔ Tested 2 dependencies for known issues, no vulnerable paths found. + + +Tested 2 projects, 1 contained vulnerable paths. + + + +``` diff --git a/Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md b/Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md new file mode 100644 index 0000000..6191fb6 --- /dev/null +++ b/Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md @@ -0,0 +1,1698 @@ +**Scanning telefonicaiot/fiware-orion:3.8.1** +``` + +Testing telefonicaiot/fiware-orion:3.8.1... + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081 + Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u5, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 + From: util-linux/libblkid1@2.36.1-8+deb11u1 + From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 + From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 + and 16 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in util-linux/libblkid1 + Description: CVE-2024-28085 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-6508632 + Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u5, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 + From: util-linux/libblkid1@2.36.1-8+deb11u1 + From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 + From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 + and 16 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.36.1-8+deb11u2 + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2434417 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Improper Resource Shutdown or Release + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2440571 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-514595 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-516778 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Missing Release of Resource after Effective Lifetime + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-518574 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-520936 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-531474 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5416363 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5425904 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5673712 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5724641 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747597 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5749339 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5750143 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5767900 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5773188 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5853001 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6079927 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6084515 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190609 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190787 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in tar + Description: CVE-2005-2541 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-523480 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in tar + Description: CVE-2023-39804 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-6120424 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + Fixed in: 1.34+dfsg-1+deb11u1 + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Authentication Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733387 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733391 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733392 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-7008 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6137713 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in systemd/libsystemd0 + Description: CVE-2023-50868 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277512 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Access Restriction Bypass + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Time-of-check Time-of-use (TOCTOU) + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Incorrect Permission Assignment for Critical Resource + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5423922 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in shadow/passwd + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5879152 + Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 + From: shadow/passwd@1:4.8.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 + From: shadow/login@1:4.8.1-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Link Following + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-532614 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489185 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in perl/perl-base + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489191 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pcre3/libpcre3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353 + Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 + From: pcre3/libpcre3@2:8.39-13 + From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pcre2/libpcre2-8-0 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-5788325 + Introduced through: pcre2/libpcre2-8-0@10.36-2+deb11u1 + From: pcre2/libpcre2-8-0@10.36-2+deb11u1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in pam/libpam0g + Description: CVE-2024-22365 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PAM-6178915 + Introduced through: pam/libpam0g@1.4.0-9+deb11u1, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1, adduser@3.118, pam/libpam-modules-bin@1.4.0-9+deb11u1, pam/libpam-modules@1.4.0-9+deb11u1, pam/libpam-runtime@1.4.0-9+deb11u1 + From: pam/libpam0g@1.4.0-9+deb11u1 + From: shadow/login@1:4.8.1-1 > pam/libpam0g@1.4.0-9+deb11u1 + From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > pam/libpam0g@1.4.0-9+deb11u1 + and 11 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: Improper Check for Unusual or Exceptional Conditions + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6048819 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-0727 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6190224 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-2511 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6592093 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-4741 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7151355 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openssl/libssl1.1 + Description: CVE-2024-5535 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7411351 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Improper Initialization + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-521320 + Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531344 + Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Cryptographic Issues + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531747 + Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: NULL Pointer Dereference + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-5660622 + Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in openldap/libldap-2.4-2 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-584937 + Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 + From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in nghttp2/libnghttp2-14 + Description: CVE-2024-28182 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-6541750 + Introduced through: curl@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > nghttp2/libnghttp2-14@1.43.0-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-50495 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6123820 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in ncurses/libtinfo6 + Description: CVE-2023-45918 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6252771 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libzstd/libzstd1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBZSTD-5406388 + Introduced through: libzstd/libzstd1@1.4.8+dfsg-2.1, apt@2.2.4, glibc/libc-devtools@2.31-13+deb11u5 + From: libzstd/libzstd1@1.4.8+dfsg-2.1 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libzstd/libzstd1@1.4.8+dfsg-2.1 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 > libzstd/libzstd1@1.4.8+dfsg-2.1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in libsepol/libsepol1 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641 + Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 + From: libsepol/libsepol1@3.1-1 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in libpng1.6/libpng16-16 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-2363923 + Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u5 + From: libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 > libpng1.6/libpng16-16@1.6.37-3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libpng1.6/libpng16-16 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-529373 + Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u5 + From: libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 > libpng1.6/libpng16-16@1.6.37-3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libjpeg-turbo/libjpeg62-turbo + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBJPEGTURBO-2932112 + Introduced through: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4, glibc/libc-devtools@2.31-13+deb11u5 + From: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgd2/libgd3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1536763 + Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u5 + From: libgd2/libgd3@2.3.0-2 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgd2/libgd3 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1570130 + Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u5 + From: libgd2/libgd3@2.3.0-2 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgd2/libgd3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1583889 + Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u5 + From: libgd2/libgd3@2.3.0-2 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892 + Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgcrypt20 + Description: Use of a Broken or Risky Cryptographic Algorithm + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947 + Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in libgcrypt20 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-6405987 + Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-26462 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277413 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-26461 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277418 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-26458 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277420 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-37371 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u5 + +✗ Low severity vulnerability found in krb5/libk5crypto3 + Description: CVE-2024-37370 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411320 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u5 + +✗ Low severity vulnerability found in jbigkit/libjbig0 + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-JBIGKIT-514977 + Introduced through: jbigkit/libjbig0@2.1-3.1+b2, glibc/libc-devtools@2.31-13+deb11u5 + From: jbigkit/libjbig0@2.1-3.1+b2 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > jbigkit/libjbig0@2.1-3.1+b2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Uncaught Exception + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474582 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474587 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in gnupg2/gpgv + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-3330745 + Introduced through: gnupg2/gpgv@2.2.27-2+deb11u2, apt@2.2.4 + From: gnupg2/gpgv@2.2.27-2+deb11u2 + From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Out-of-Bounds + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use of Insufficiently Random Values + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2019-1010023 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Uncontrolled Recursion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Resource Management Errors + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-2961 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6617104 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u9 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33599 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673955 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33601 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673958 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33600 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673967 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in glibc/libc-bin + Description: CVE-2024-33602 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673973 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u10 + +✗ Low severity vulnerability found in gcc-9/gcc-9-base + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC9-5901306 + Introduced through: gcc-9/gcc-9-base@9.3.0-22 + From: gcc-9/gcc-9-base@9.3.0-22 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in gcc-10/libstdc++6 + Description: CVE-2023-4039 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC10-5901313 + Introduced through: apt@2.2.4, boost1.74/libboost-thread1.74.0@1.74.0-9, icu/libicu67@67.1-7, gcc-10/gcc-10-base@10.2.1-6, gcc-10/libgcc-s1@10.2.1-6 + From: apt@2.2.4 > gcc-10/libstdc++6@10.2.1-6 + From: boost1.74/libboost-thread1.74.0@1.74.0-9 > gcc-10/libstdc++6@10.2.1-6 + From: icu/libicu67@67.1-7 > gcc-10/libstdc++6@10.2.1-6 + and 3 more... + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in freetype/libfreetype6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2848681 + Introduced through: freetype/libfreetype6@2.10.4+dfsg-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u5 + From: freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: XML External Entity (XXE) Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-524217 + Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 + From: expat/libexpat1@2.2.10-2+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227594 + Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 + From: expat/libexpat1@2.2.10-2+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227598 + Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 + From: expat/libexpat1@2.2.10-2+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in expat/libexpat1 + Description: CVE-2024-28757 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6420594 + Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 + From: expat/libexpat1@2.2.10-2+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in e2fsprogs/libcom-err2 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459 + Introduced through: e2fsprogs@1.46.2-2, curl@7.74.0-1.3+deb11u5, e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2 + From: e2fsprogs@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 + From: e2fsprogs@1.46.2-2 > e2fsprogs/libss2@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > e2fsprogs/libcom-err2@1.46.2-2 + and 8 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in db5.3/libdb5.3 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168 + Introduced through: adduser@3.118, curl@7.74.0-1.3+deb11u5 + From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1+deb11u1 > cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Insufficiently Protected Credentials + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322659 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Improper Validation of Integrity Check Value + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322667 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561869 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2023-28322 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561885 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u9 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2023-38546 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955029 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u10 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2398 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501704 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u12 + +✗ Low severity vulnerability found in curl/libcurl4 + Description: CVE-2024-2379 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501711 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Low severity vulnerability found in coreutils/coreutils + Description: Improper Input Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776 + Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 + From: coreutils/coreutils@8.32-4+b1 + From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in coreutils/coreutils + Description: Race Condition + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269 + Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 + From: coreutils/coreutils@8.32-4+b1 + From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in bash + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361 + Introduced through: bash@5.1-2+deb11u1 + From: bash@5.1-2+deb11u1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Low severity vulnerability found in apt/libapt-pkg6.0 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-APT-522585 + Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4 + From: apt/libapt-pkg6.0@2.2.4 + From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 + From: apt@2.2.4 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Use After Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319790 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319791 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319804 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319810 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319811 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319813 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319814 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319820 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319824 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319826 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747608 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862860 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u5 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862861 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u5 + +✗ Medium severity vulnerability found in tiff/libtiff5 + Description: Memory Leak + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5934951 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u5 + +✗ Medium severity vulnerability found in tar + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527 + Introduced through: tar@1.34+dfsg-1 + From: tar@1.34+dfsg-1 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + Fixed in: 1.34+dfsg-1+deb11u1 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: Off-by-one Error + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3111119 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 247.3-7+deb11u2 + +✗ Medium severity vulnerability found in systemd/libsystemd0 + Description: CVE-2022-4415 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3177742 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 247.3-7+deb11u2 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Inefficient Regular Expression Complexity + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5788324 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1v-0~deb11u1 + +✗ Medium severity vulnerability found in openssl/libssl1.1 + Description: Excessive Iteration + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5812634 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1v-0~deb11u1 + +✗ Medium severity vulnerability found in libxpm/libxpm4 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927156 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1+deb11u1 + +✗ Medium severity vulnerability found in libxpm/libxpm4 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927166 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1+deb11u1 + +✗ Medium severity vulnerability found in libx11/libx11-data + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927151 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u2 + +✗ Medium severity vulnerability found in libx11/libx11-data + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927154 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u2 + +✗ Medium severity vulnerability found in krb5/libk5crypto3 + Description: Access of Uninitialized Pointer + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-5825661 + Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.18.3-6+deb11u4 + +✗ Medium severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6062102 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u4 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320492 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320498 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u7 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366760 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366763 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Authentication + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366765 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561876 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u9 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: CVE-2023-46218 + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100976 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u11 + +✗ Medium severity vulnerability found in curl/libcurl4 + Description: Missing Encryption of Sensitive Data + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100978 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in tiff/libtiff5 + Description: Buffer Overflow + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747600 + Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 + From: tiff/libtiff5@4.2.0-1+deb11u3 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 4.2.0-1+deb11u4 + +✗ High severity vulnerability found in systemd/libsystemd0 + Description: Allocation of Resources Without Limits or Throttling + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510 + Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 + From: systemd/libsystemd0@247.3-7+deb11u1 + From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 + From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 + and 5 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in perl/perl-base + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272 + Introduced through: perl/perl-base@5.32.1-4+deb11u2 + From: perl/perl-base@5.32.1-4+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + Fixed in: 5.32.1-4+deb11u3 + +✗ High severity vulnerability found in openssl/libssl1.1 + Description: Improper Certificate Validation + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 + Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 + From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.1.1n-0+deb11u5 + +✗ High severity vulnerability found in nghttp2/libnghttp2-14 + Description: Resource Exhaustion + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384 + Introduced through: curl@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > nghttp2/libnghttp2-14@1.43.0-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.43.0-1+deb11u1 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Read + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-2767191 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 6.2+20201114-2+deb11u1 + +✗ High severity vulnerability found in ncurses/libtinfo6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197 + Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 + From: ncurses/libtinfo6@6.2+20201114-2 + From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 + From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 + and 3 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 6.2+20201114-2+deb11u2 + +✗ High severity vulnerability found in libxpm/libxpm4 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232725 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1~deb11u1 + +✗ High severity vulnerability found in libxpm/libxpm4 + Description: Untrusted Search Path + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232730 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1~deb11u1 + +✗ High severity vulnerability found in libxpm/libxpm4 + Description: Loop with Unreachable Exit Condition ('Infinite Loop') + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232736 + Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 + From: libxpm/libxpm4@1:3.5.12-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1:3.5.12-1.1~deb11u1 + +✗ High severity vulnerability found in libx11/libx11-data + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5710893 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u1 + +✗ High severity vulnerability found in libx11/libx11-data + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927150 + Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 + From: libx11/libx11-data@2:1.7.2-1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 + From: libx11/libx11-6@2:1.7.2-1 + and 1 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2:1.7.2-1+deb11u2 + +✗ High severity vulnerability found in libwebp/libwebp6 + Description: Double Free + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5489177 + Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u5 + From: libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > libwebp/libwebp6@0.6.1-2.1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 0.6.1-2.1+deb11u1 + +✗ High severity vulnerability found in libwebp/libwebp6 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094 + Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u5 + From: libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 + From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > libwebp/libwebp6@0.6.1-2.1 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 0.6.1-2.1+deb11u2 + +✗ High severity vulnerability found in libssh2/libssh2-1 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSSH2-5861756 + Introduced through: curl@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > libssh2/libssh2-1@1.9.0-2 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 1.9.0-2+deb11u1 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Improper Verification of Cryptographic Signature + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159417 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u5 + +✗ High severity vulnerability found in gnutls28/libgnutls30 + Description: Information Exposure + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159419 + Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 + From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 3.7.1-5+deb11u5 + +✗ High severity vulnerability found in glibc/libc-bin + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133 + Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 + From: glibc/libc-bin@2.31-13+deb11u5 + From: glibc/libc-devtools@2.31-13+deb11u5 + From: glibc/libc6@2.31-13+deb11u5 + and 2 more... + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 2.31-13+deb11u7 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3066040 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3179181 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ High severity vulnerability found in curl/libcurl4 + Description: Directory Traversal + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366762 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ High severity vulnerability found in curl/libcurl4 + Description: Arbitrary Code Injection + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366772 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u8 + +✗ Critical severity vulnerability found in zlib/zlib1g + Description: Integer Overflow or Wraparound + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961 + Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 + From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 + Image layer: Introduced by your base image (debian:bullseye-20230208-slim) + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Cleartext Transmission of Sensitive Information + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + +✗ Critical severity vulnerability found in curl/libcurl4 + Description: Out-of-bounds Write + Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955037 + Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 + From: curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 + From: curl@7.74.0-1.3+deb11u5 + Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' + Fixed in: 7.74.0-1.3+deb11u10 + + + +Organization: bhavdeep1304 +Package manager: deb +Project name: docker-image|telefonicaiot/fiware-orion +Docker image: telefonicaiot/fiware-orion:3.8.1 +Platform: linux/amd64 +Base image: debian:bullseye-20230208-slim +Licenses: enabled + +Tested 146 dependencies for known issues, found 181 issues. + +Base Image Vulnerabilities Severity +debian:bullseye-20230208-slim 94 1 critical, 9 high, 10 medium, 74 low + +Recommendations for base image upgrade: + +Minor upgrades +Base Image Vulnerabilities Severity +debian:bullseye-20240701-slim 69 1 critical, 1 high, 0 medium, 67 low + +Major upgrades +Base Image Vulnerabilities Severity +debian:bookworm-20240701-slim 33 1 critical, 0 high, 0 medium, 32 low + + +Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection + + +``` From c08743bad14784af40ae97004c41c763dfc45ad8 Mon Sep 17 00:00:00 2001 From: Bhavdeep Singh Krishnawat <68271114+Bhavdeep13@users.noreply.github.com> Date: Fri, 19 Jul 2024 20:17:55 +0200 Subject: [PATCH 02/46] Update snyk-scan.yml --- .github/workflows/snyk-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index c4f1654..5a60a14 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -6,7 +6,7 @@ on: - 20-security-scan-of-the-image pull_request: branches: - - 20-security-scan-of-the-image + - main jobs: snyk: From bb661f0928b9a93a186a359cdb214eb2e1a85d31 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Fri, 19 Jul 2024 18:21:01 +0000 Subject: [PATCH 03/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index c4f1654..39d8a94 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -6,7 +6,7 @@ on: - 20-security-scan-of-the-image pull_request: branches: - - 20-security-scan-of-the-image + - main jobs: snyk: @@ -14,10 +14,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v3 # Using the latest version - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v3 # Using the latest version - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . From 6d157870b74153947d0d0c8c6b77943af0c6ba31 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Fri, 19 Jul 2024 18:29:47 +0000 Subject: [PATCH 04/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 39d8a94..d391001 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -6,7 +6,7 @@ on: - 20-security-scan-of-the-image pull_request: branches: - - main + - 20-security-scan-of-the-image jobs: snyk: From ba443eb29903c2be75b25340ce4a94ed3d15a3b2 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Fri, 19 Jul 2024 18:31:36 +0000 Subject: [PATCH 05/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index d391001..52c3bb6 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -22,9 +22,6 @@ jobs: - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - name: Build Frontend image - run: docker build -t n5gehtoolsmqtt-gateway-frontend:latest -f ./frontend/Dockerfile . - - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . @@ -36,14 +33,6 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Snyk Scan Frontend image - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-frontend:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Snyk Scan Gateway image uses: snyk/actions/docker@master with: From bccbbb76730826d7c34ef25a3ad0aa05c07c4f04 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:41:29 +0000 Subject: [PATCH 06/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 70 +++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 52c3bb6..766745c 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,4 +1,4 @@ -name: Snyk Container Scan +name: Snyk Container Scan and Create Issues on: push: @@ -6,7 +6,7 @@ on: - 20-security-scan-of-the-image pull_request: branches: - - 20-security-scan-of-the-image + - main jobs: snyk: @@ -14,29 +14,91 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 # Using the latest version + uses: actions/checkout@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 # Using the latest version + uses: docker/setup-buildx-action@v3 - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . + - name: Build Frontend image + run: docker build -t n5gehtoolsmqtt-gateway-frontend:latest -f ./frontend/Dockerfile . + - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image + id: snyk-api uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-api:latest' args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Parse and create GitHub issues for API image vulnerabilities + if: steps.snyk-api.outputs.snyk-result != '' + run: | + echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" + fi + done + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Snyk Scan Frontend image + id: snyk-frontend + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-frontend:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Parse and create GitHub issues for Frontend image vulnerabilities + if: steps.snyk-frontend.outputs.snyk-result != '' + run: | + echo "${{ steps.snyk-frontend.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in Frontend image" --body "Description: $description\nInfo: $info" + fi + done + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Snyk Scan Gateway image + id: snyk-gateway uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-gateway:latest' args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: Parse and create GitHub issues for Gateway image vulnerabilities + if: steps.snyk-gateway.outputs.snyk-result != '' + run: | + echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" + fi + done + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 2146873bb0e511dea7b136aaa0fd48a91eda3157 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:42:42 +0000 Subject: [PATCH 07/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 766745c..077f032 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -23,7 +23,7 @@ jobs: run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - name: Build Frontend image - run: docker build -t n5gehtoolsmqtt-gateway-frontend:latest -f ./frontend/Dockerfile . + run: docker build -t n5gehtoolsmqtt-gateway-frontend:latest -f /frontend/Dockerfile . - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . From 14783a0fc88a70fab67127f56e8603edc448bf70 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:43:42 +0000 Subject: [PATCH 08/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 077f032..4235d8d 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -22,9 +22,6 @@ jobs: - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - name: Build Frontend image - run: docker build -t n5gehtoolsmqtt-gateway-frontend:latest -f /frontend/Dockerfile . - - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . @@ -62,21 +59,6 @@ jobs: env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Parse and create GitHub issues for Frontend image vulnerabilities - if: steps.snyk-frontend.outputs.snyk-result != '' - run: | - echo "${{ steps.snyk-frontend.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - gh issue create --title "$severity vulnerability found in Frontend image" --body "Description: $description\nInfo: $info" - fi - done - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Snyk Scan Gateway image id: snyk-gateway From beefe12d40127845021c40fd4870d3de5e91273e Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:46:55 +0000 Subject: [PATCH 09/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 34 ++++++++++++--------------------- 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 4235d8d..068c8d9 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -33,9 +33,18 @@ jobs: args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - + + - name: Snyk Scan Gateway image + id: snyk-gateway + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-gateway:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + - name: Parse and create GitHub issues for API image vulnerabilities - if: steps.snyk-api.outputs.snyk-result != '' + if: success() && steps.snyk-api.outputs.snyk-result != '' run: | echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do if [[ $line == *"severity"* ]]; then @@ -50,27 +59,8 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Snyk Scan Frontend image - id: snyk-frontend - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-frontend:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - - name: Snyk Scan Gateway image - id: snyk-gateway - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Parse and create GitHub issues for Gateway image vulnerabilities - if: steps.snyk-gateway.outputs.snyk-result != '' + if: success() && steps.snyk-gateway.outputs.snyk-result != '' run: | echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do if [[ $line == *"severity"* ]]; then From 5baff9d8bd4ffdc3afed4619654c431c5825814f Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:50:12 +0000 Subject: [PATCH 10/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 54 +++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 068c8d9..b2f91a4 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -33,6 +33,7 @@ jobs: args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Snyk Scan Gateway image id: snyk-gateway @@ -42,35 +43,44 @@ jobs: args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Parse and create GitHub issues for API image vulnerabilities - if: success() && steps.snyk-api.outputs.snyk-result != '' + if: always() run: | - echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" - fi - done + echo "Parsing Snyk API scan results..." + echo "${{ steps.snyk-api.outputs.snyk-result }}" + if [ -n "${{ steps.snyk-api.outputs.snyk-result }}" ]; then + echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" + fi + done + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Parse and create GitHub issues for Gateway image vulnerabilities - if: success() && steps.snyk-gateway.outputs.snyk-result != '' + if: always() run: | - echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" - fi - done + echo "Parsing Snyk Gateway scan results..." + echo "${{ steps.snyk-gateway.outputs.snyk-result }}" + if [ -n "${{ steps.snyk-gateway.outputs.snyk-result }}" ]; then + echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" + fi + done + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 01f67d45dba64350790f25879d4130d9d2a63c25 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:53:24 +0000 Subject: [PATCH 11/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index b2f91a4..160dc6d 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -52,15 +52,21 @@ jobs: echo "${{ steps.snyk-api.outputs.snyk-result }}" if [ -n "${{ steps.snyk-api.outputs.snyk-result }}" ]; then echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + echo "Processing line: $line" if [[ $line == *"severity"* ]]; then severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" elif [[ $line == *"Description"* ]]; then description=$(echo $line | awk '{print $2}') + echo "Description: $description" elif [[ $line == *"Info"* ]]; then info=$(echo $line | awk '{print $2}') + echo "Info: $info" gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" fi done + else + echo "No Snyk API scan results found." fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -72,15 +78,21 @@ jobs: echo "${{ steps.snyk-gateway.outputs.snyk-result }}" if [ -n "${{ steps.snyk-gateway.outputs.snyk-result }}" ]; then echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + echo "Processing line: $line" if [[ $line == *"severity"* ]]; then severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" elif [[ $line == *"Description"* ]]; then description=$(echo $line | awk '{print $2}') + echo "Description: $description" elif [[ $line == *"Info"* ]]; then info=$(echo $line | awk '{print $2}') + echo "Info: $info" gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" fi done + else + echo "No Snyk Gateway scan results found." fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From f596cf50502c63792a5872e0459318c3e1448443 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:56:12 +0000 Subject: [PATCH 12/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 104 ++++++++++++++------------------ 1 file changed, 46 insertions(+), 58 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 160dc6d..96e59f3 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,98 +1,86 @@ -name: Snyk Container Scan and Create Issues +name: Snyk Scan Docker Images on: push: branches: - - 20-security-scan-of-the-image + - main pull_request: branches: - main jobs: - snyk: + build: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Check out the repository + uses: actions/checkout@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v1 + + - name: Log in to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build API image + - name: Build API Docker image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - name: Build Gateway image + - name: Build Gateway Docker image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image id: snyk-api uses: snyk/actions/docker@master with: - image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true + image: n5gehtoolsmqtt-gateway-api:latest + args: --severity-threshold=high - name: Snyk Scan Gateway image id: snyk-gateway uses: snyk/actions/docker@master with: - image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true + image: n5gehtoolsmqtt-gateway-gateway:latest + args: --severity-threshold=high - name: Parse and create GitHub issues for API image vulnerabilities - if: always() + if: ${{ steps.snyk-api.outputs.vulnerabilities }} run: | echo "Parsing Snyk API scan results..." - echo "${{ steps.snyk-api.outputs.snyk-result }}" - if [ -n "${{ steps.snyk-api.outputs.snyk-result }}" ]; then - echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" - fi - done - else - echo "No Snyk API scan results found." - fi + severity="" + description="" + info="" + echo "${{ steps.snyk-api.outputs.vulnerabilities }}" | while read -r line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" + fi + done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Parse and create GitHub issues for Gateway image vulnerabilities - if: always() + if: ${{ steps.snyk-gateway.outputs.vulnerabilities }} run: | echo "Parsing Snyk Gateway scan results..." - echo "${{ steps.snyk-gateway.outputs.snyk-result }}" - if [ -n "${{ steps.snyk-gateway.outputs.snyk-result }}" ]; then - echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" - fi - done - else - echo "No Snyk Gateway scan results found." - fi + severity="" + description="" + info="" + echo "${{ steps.snyk-gateway.outputs.vulnerabilities }}" | while read -r line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" + fi + done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 675bd5701482d1ae326cb82231f4c348fac56816 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:58:30 +0000 Subject: [PATCH 13/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 104 ++++++++++++++++++-------------- 1 file changed, 58 insertions(+), 46 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 96e59f3..160dc6d 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,86 +1,98 @@ -name: Snyk Scan Docker Images +name: Snyk Container Scan and Create Issues on: push: branches: - - main + - 20-security-scan-of-the-image pull_request: branches: - main jobs: - build: + snyk: runs-on: ubuntu-latest steps: - - name: Check out the repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Log in to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + uses: docker/setup-buildx-action@v3 - - name: Build API Docker image + - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - name: Build Gateway Docker image + - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image id: snyk-api uses: snyk/actions/docker@master with: - image: n5gehtoolsmqtt-gateway-api:latest - args: --severity-threshold=high + image: 'n5gehtoolsmqtt-gateway-api:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Snyk Scan Gateway image id: snyk-gateway uses: snyk/actions/docker@master with: - image: n5gehtoolsmqtt-gateway-gateway:latest - args: --severity-threshold=high + image: 'n5gehtoolsmqtt-gateway-gateway:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Parse and create GitHub issues for API image vulnerabilities - if: ${{ steps.snyk-api.outputs.vulnerabilities }} + if: always() run: | echo "Parsing Snyk API scan results..." - severity="" - description="" - info="" - echo "${{ steps.snyk-api.outputs.vulnerabilities }}" | while read -r line; do - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" - fi - done + echo "${{ steps.snyk-api.outputs.snyk-result }}" + if [ -n "${{ steps.snyk-api.outputs.snyk-result }}" ]; then + echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + echo "Processing line: $line" + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + echo "Description: $description" + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + echo "Info: $info" + gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" + fi + done + else + echo "No Snyk API scan results found." + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Parse and create GitHub issues for Gateway image vulnerabilities - if: ${{ steps.snyk-gateway.outputs.vulnerabilities }} + if: always() run: | echo "Parsing Snyk Gateway scan results..." - severity="" - description="" - info="" - echo "${{ steps.snyk-gateway.outputs.vulnerabilities }}" | while read -r line; do - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" - fi - done + echo "${{ steps.snyk-gateway.outputs.snyk-result }}" + if [ -n "${{ steps.snyk-gateway.outputs.snyk-result }}" ]; then + echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do + echo "Processing line: $line" + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + echo "Description: $description" + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + echo "Info: $info" + gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" + fi + done + else + echo "No Snyk Gateway scan results found." + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 703bb51bc75f9c8fc022d4da798f0f262ddd20ba Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 22:59:11 +0000 Subject: [PATCH 14/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 102 ++++++++++++++------------------ 1 file changed, 45 insertions(+), 57 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 160dc6d..46b95f7 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,4 +1,4 @@ -name: Snyk Container Scan and Create Issues +name: Snyk Scan Docker Images on: push: @@ -9,90 +9,78 @@ on: - main jobs: - snyk: + build: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v3 + - name: Check out the repository + uses: actions/checkout@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v1 - - name: Build API image + - name: Log in to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build API Docker image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - name: Build Gateway image + - name: Build Gateway Docker image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image id: snyk-api uses: snyk/actions/docker@master with: - image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true + image: n5gehtoolsmqtt-gateway-api:latest + args: --severity-threshold=high - name: Snyk Scan Gateway image id: snyk-gateway uses: snyk/actions/docker@master with: - image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high' - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true + image: n5gehtoolsmqtt-gateway-gateway:latest + args: --severity-threshold=high - name: Parse and create GitHub issues for API image vulnerabilities - if: always() + if: ${{ steps.snyk-api.outputs.vulnerabilities }} run: | echo "Parsing Snyk API scan results..." - echo "${{ steps.snyk-api.outputs.snyk-result }}" - if [ -n "${{ steps.snyk-api.outputs.snyk-result }}" ]; then - echo "${{ steps.snyk-api.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" - fi - done - else - echo "No Snyk API scan results found." - fi + severity="" + description="" + info="" + echo "${{ steps.snyk-api.outputs.vulnerabilities }}" | while read -r line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" + fi + done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Parse and create GitHub issues for Gateway image vulnerabilities - if: always() + if: ${{ steps.snyk-gateway.outputs.vulnerabilities }} run: | echo "Parsing Snyk Gateway scan results..." - echo "${{ steps.snyk-gateway.outputs.snyk-result }}" - if [ -n "${{ steps.snyk-gateway.outputs.snyk-result }}" ]; then - echo "${{ steps.snyk-gateway.outputs.snyk-result }}" | grep -A 3 -B 1 'severity' | while read line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" - fi - done - else - echo "No Snyk Gateway scan results found." - fi + severity="" + description="" + info="" + echo "${{ steps.snyk-gateway.outputs.vulnerabilities }}" | while read -r line; do + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" + fi + done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 937a0049dcb5ac57a3e0ee7684b369b24714c02b Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:01:39 +0000 Subject: [PATCH 15/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 22 ++++++---------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 46b95f7..b29feec 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -19,12 +19,6 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - - name: Log in to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Build API Docker image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . @@ -37,6 +31,7 @@ jobs: with: image: n5gehtoolsmqtt-gateway-api:latest args: --severity-threshold=high + continue-on-error: true - name: Snyk Scan Gateway image id: snyk-gateway @@ -44,15 +39,13 @@ jobs: with: image: n5gehtoolsmqtt-gateway-gateway:latest args: --severity-threshold=high + continue-on-error: true - name: Parse and create GitHub issues for API image vulnerabilities - if: ${{ steps.snyk-api.outputs.vulnerabilities }} run: | echo "Parsing Snyk API scan results..." - severity="" - description="" - info="" - echo "${{ steps.snyk-api.outputs.vulnerabilities }}" | while read -r line; do + echo "${{ steps.snyk-api.outputs.vulnerabilities }}" | grep -A 3 -B 1 'severity' | while read -r line; do + echo "Processing line: $line" if [[ $line == *"severity"* ]]; then severity=$(echo $line | awk '{print $3}') elif [[ $line == *"Description"* ]]; then @@ -66,13 +59,10 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Parse and create GitHub issues for Gateway image vulnerabilities - if: ${{ steps.snyk-gateway.outputs.vulnerabilities }} run: | echo "Parsing Snyk Gateway scan results..." - severity="" - description="" - info="" - echo "${{ steps.snyk-gateway.outputs.vulnerabilities }}" | while read -r line; do + echo "${{ steps.snyk-gateway.outputs.vulnerabilities }}" | grep -A 3 -B 1 'severity' | while read -r line; do + echo "Processing line: $line" if [[ $line == *"severity"* ]]; then severity=$(echo $line | awk '{print $3}') elif [[ $line == *"Description"* ]]; then From c910b86a2803d2ffd83ae090304f22b59fd7f77d Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:04:47 +0000 Subject: [PATCH 16/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 42 +++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 13 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index b29feec..dfde7c7 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,4 +1,4 @@ -name: Snyk Scan Docker Images +name: Snyk Container Scan and Create Issues on: push: @@ -9,49 +9,59 @@ on: - main jobs: - build: + snyk: runs-on: ubuntu-latest steps: - - name: Check out the repository - uses: actions/checkout@v2 + - name: Checkout repository + uses: actions/checkout@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v3 - - name: Build API Docker image + - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - name: Build Gateway Docker image + - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image id: snyk-api uses: snyk/actions/docker@master with: - image: n5gehtoolsmqtt-gateway-api:latest - args: --severity-threshold=high + image: 'n5gehtoolsmqtt-gateway-api:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - name: Snyk Scan Gateway image id: snyk-gateway uses: snyk/actions/docker@master with: - image: n5gehtoolsmqtt-gateway-gateway:latest - args: --severity-threshold=high + image: 'n5gehtoolsmqtt-gateway-gateway:latest' + args: '--severity-threshold=high' + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - name: Parse and create GitHub issues for API image vulnerabilities + if: always() run: | echo "Parsing Snyk API scan results..." - echo "${{ steps.snyk-api.outputs.vulnerabilities }}" | grep -A 3 -B 1 'severity' | while read -r line; do + snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high) + echo "$snyk_output" + echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do echo "Processing line: $line" if [[ $line == *"severity"* ]]; then severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" elif [[ $line == *"Description"* ]]; then description=$(echo $line | awk '{print $2}') + echo "Description: $description" elif [[ $line == *"Info"* ]]; then info=$(echo $line | awk '{print $2}') + echo "Info: $info" gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" fi done @@ -59,16 +69,22 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Parse and create GitHub issues for Gateway image vulnerabilities + if: always() run: | echo "Parsing Snyk Gateway scan results..." - echo "${{ steps.snyk-gateway.outputs.vulnerabilities }}" | grep -A 3 -B 1 'severity' | while read -r line; do + snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high) + echo "$snyk_output" + echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do echo "Processing line: $line" if [[ $line == *"severity"* ]]; then severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" elif [[ $line == *"Description"* ]]; then description=$(echo $line | awk '{print $2}') + echo "Description: $description" elif [[ $line == *"Info"* ]]; then info=$(echo $line | awk '{print $2}') + echo "Info: $info" gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" fi done From f8d4979593976c8cf436307ac4173208bcca2dac Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:07:21 +0000 Subject: [PATCH 17/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index dfde7c7..e0a402a 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -45,6 +45,10 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true + - name: Install Snyk CLI + run: npm install -g snyk + continue-on-error: true + - name: Parse and create GitHub issues for API image vulnerabilities if: always() run: | From 268c0e3332f945095000521656e7a36877caa6bf Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:10:34 +0000 Subject: [PATCH 18/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index e0a402a..90d8f29 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -53,7 +53,8 @@ jobs: if: always() run: | echo "Parsing Snyk API scan results..." - snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high) + export PATH=$PATH:/home/runner/.npm-global/bin + snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high 2>&1) echo "$snyk_output" echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do echo "Processing line: $line" @@ -76,7 +77,8 @@ jobs: if: always() run: | echo "Parsing Snyk Gateway scan results..." - snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high) + export PATH=$PATH:/home/runner/.npm-global/bin + snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high 2>&1) echo "$snyk_output" echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do echo "Processing line: $line" From 10db8188aaf9f2699ab48a256e3ee0e1143c95ab Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:13:44 +0000 Subject: [PATCH 19/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 68 +++++++++++++++++++-------------- 1 file changed, 40 insertions(+), 28 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 90d8f29..74080f6 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -54,22 +54,28 @@ jobs: run: | echo "Parsing Snyk API scan results..." export PATH=$PATH:/home/runner/.npm-global/bin + snyk --version snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high 2>&1) + echo "Snyk output:" echo "$snyk_output" - echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" - fi - done + if [ -n "$snyk_output" ]; then + echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do + echo "Processing line: $line" + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + echo "Description: $description" + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + echo "Info: $info" + gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" + fi + done + else + echo "No Snyk API scan results found." + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -78,21 +84,27 @@ jobs: run: | echo "Parsing Snyk Gateway scan results..." export PATH=$PATH:/home/runner/.npm-global/bin + snyk --version snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high 2>&1) + echo "Snyk output:" echo "$snyk_output" - echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" - fi - done + if [ -n "$snyk_output" ]; then + echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do + echo "Processing line: $line" + if [[ $line == *"severity"* ]]; then + severity=$(echo $line | awk '{print $3}') + echo "Severity: $severity" + elif [[ $line == *"Description"* ]]; then + description=$(echo $line | awk '{print $2}') + echo "Description: $description" + elif [[ $line == *"Info"* ]]; then + info=$(echo $line | awk '{print $2}') + echo "Info: $info" + gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" + fi + done + else + echo "No Snyk Gateway scan results found." + fi env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From c5ec80109ed1c23b96b435ba5b9e573aa3ad0655 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:16:19 +0000 Subject: [PATCH 20/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 74080f6..ba9c26a 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -56,8 +56,12 @@ jobs: export PATH=$PATH:/home/runner/.npm-global/bin snyk --version snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high 2>&1) + snyk_exit_code=$? echo "Snyk output:" echo "$snyk_output" + if [ $snyk_exit_code -ne 0 ]; then + echo "Snyk scan failed with exit code $snyk_exit_code" + fi if [ -n "$snyk_output" ]; then echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do echo "Processing line: $line" @@ -86,8 +90,12 @@ jobs: export PATH=$PATH:/home/runner/.npm-global/bin snyk --version snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high 2>&1) + snyk_exit_code=$? echo "Snyk output:" echo "$snyk_output" + if [ $snyk_exit_code -ne 0 ]; then + echo "Snyk scan failed with exit code $snyk_exit_code" + fi if [ -n "$snyk_output" ]; then echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do echo "Processing line: $line" From 87d5c617896436f76fdb2ab9272946ad49570f63 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:21:29 +0000 Subject: [PATCH 21/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 96 +++++++++------------------------ 1 file changed, 26 insertions(+), 70 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index ba9c26a..591c4ce 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,4 +1,4 @@ -name: Snyk Container Scan and Create Issues +name: Snyk Container Scan on: push: @@ -26,93 +26,49 @@ jobs: run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image - id: snyk-api + id: snyk_api uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high' + args: '--severity-threshold=high --json-file-output=snyk-api-results.json' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - name: Snyk Scan Gateway image - id: snyk-gateway + id: snyk_gateway uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high' + args: '--severity-threshold=high --json-file-output=snyk-gateway-results.json' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - - name: Install Snyk CLI - run: npm install -g snyk - continue-on-error: true - - - name: Parse and create GitHub issues for API image vulnerabilities + - name: Upload Snyk Results if: always() - run: | - echo "Parsing Snyk API scan results..." - export PATH=$PATH:/home/runner/.npm-global/bin - snyk --version - snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high 2>&1) - snyk_exit_code=$? - echo "Snyk output:" - echo "$snyk_output" - if [ $snyk_exit_code -ne 0 ]; then - echo "Snyk scan failed with exit code $snyk_exit_code" - fi - if [ -n "$snyk_output" ]; then - echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in API image" --body "Description: $description\nInfo: $info" - fi - done - else - echo "No Snyk API scan results found." - fi - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + uses: actions/upload-artifact@v2 + with: + name: snyk-results + path: | + snyk-api-results.json + snyk-gateway-results.json - - name: Parse and create GitHub issues for Gateway image vulnerabilities + - name: Create GitHub Issues for Vulnerabilities if: always() run: | - echo "Parsing Snyk Gateway scan results..." - export PATH=$PATH:/home/runner/.npm-global/bin - snyk --version - snyk_output=$(snyk container test n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high 2>&1) - snyk_exit_code=$? - echo "Snyk output:" - echo "$snyk_output" - if [ $snyk_exit_code -ne 0 ]; then - echo "Snyk scan failed with exit code $snyk_exit_code" - fi - if [ -n "$snyk_output" ]; then - echo "$snyk_output" | grep -A 3 -B 1 'severity' | while read -r line; do - echo "Processing line: $line" - if [[ $line == *"severity"* ]]; then - severity=$(echo $line | awk '{print $3}') - echo "Severity: $severity" - elif [[ $line == *"Description"* ]]; then - description=$(echo $line | awk '{print $2}') - echo "Description: $description" - elif [[ $line == *"Info"* ]]; then - info=$(echo $line | awk '{print $2}') - echo "Info: $info" - gh issue create --title "$severity vulnerability found in Gateway image" --body "Description: $description\nInfo: $info" - fi - done - else - echo "No Snyk Gateway scan results found." - fi + for file in snyk-api-results.json snyk-gateway-results.json; do + if [ -f "$file" ]; then + vulnerabilities=$(jq -r '.vulnerabilities[] | @base64' $file) + for vulnerability in $vulnerabilities; do + _jq() { + echo ${vulnerability} | base64 --decode | jq -r ${1} + } + title="SNYK: $(_jq '.title')" + description="## Description\n$(_jq '.description')\n\n## Info\n$(_jq '.url')\n\n## Severity\n$(_jq '.severity')\n\n## Introduced through\n$(_jq '.from | join(", ")')\n\n## Remediation\n$(_jq '.remediation')" + gh issue create --title "$title" --body "$description" --label "security" + done + fi + done env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 439944e04e1bcde8896893939eaad2f16af93ec9 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:24:24 +0000 Subject: [PATCH 22/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 591c4ce..d455613 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -45,6 +45,9 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true + - name: List Files in Workspace + run: ls -al + - name: Upload Snyk Results if: always() uses: actions/upload-artifact@v2 @@ -59,6 +62,7 @@ jobs: run: | for file in snyk-api-results.json snyk-gateway-results.json; do if [ -f "$file" ]; then + echo "Found $file" vulnerabilities=$(jq -r '.vulnerabilities[] | @base64' $file) for vulnerability in $vulnerabilities; do _jq() { @@ -66,8 +70,11 @@ jobs: } title="SNYK: $(_jq '.title')" description="## Description\n$(_jq '.description')\n\n## Info\n$(_jq '.url')\n\n## Severity\n$(_jq '.severity')\n\n## Introduced through\n$(_jq '.from | join(", ")')\n\n## Remediation\n$(_jq '.remediation')" + echo "Creating issue: $title" gh issue create --title "$title" --body "$description" --label "security" done + else + echo "File $file not found" fi done env: From 26537a7421716c96dd920c002c2872bffbb0a55a Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:27:00 +0000 Subject: [PATCH 23/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index d455613..f1b738d 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -45,6 +45,9 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true + - name: Print Working Directory + run: pwd + - name: List Files in Workspace run: ls -al From 379ad3d4cd5d305ea231bc4df635436f590bff97 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:29:34 +0000 Subject: [PATCH 24/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index f1b738d..e42d487 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -60,12 +60,15 @@ jobs: snyk-api-results.json snyk-gateway-results.json + - name: Ensure Security Label Exists + run: | + gh label create security --color FF0000 --description "Security related issues" || echo "Label already exists" + - name: Create GitHub Issues for Vulnerabilities if: always() run: | for file in snyk-api-results.json snyk-gateway-results.json; do if [ -f "$file" ]; then - echo "Found $file" vulnerabilities=$(jq -r '.vulnerabilities[] | @base64' $file) for vulnerability in $vulnerabilities; do _jq() { @@ -74,7 +77,7 @@ jobs: title="SNYK: $(_jq '.title')" description="## Description\n$(_jq '.description')\n\n## Info\n$(_jq '.url')\n\n## Severity\n$(_jq '.severity')\n\n## Introduced through\n$(_jq '.from | join(", ")')\n\n## Remediation\n$(_jq '.remediation')" echo "Creating issue: $title" - gh issue create --title "$title" --body "$description" --label "security" + gh issue create --title "$title" --body "$description" --label "security" || echo "Failed to create issue: $title" done else echo "File $file not found" From 84e65310eab212139c89f2a1096bafd5d5613515 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:32:20 +0000 Subject: [PATCH 25/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index e42d487..f5c2f91 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -45,12 +45,6 @@ jobs: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - - name: Print Working Directory - run: pwd - - - name: List Files in Workspace - run: ls -al - - name: Upload Snyk Results if: always() uses: actions/upload-artifact@v2 @@ -63,6 +57,8 @@ jobs: - name: Ensure Security Label Exists run: | gh label create security --color FF0000 --description "Security related issues" || echo "Label already exists" + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create GitHub Issues for Vulnerabilities if: always() @@ -72,16 +68,17 @@ jobs: vulnerabilities=$(jq -r '.vulnerabilities[] | @base64' $file) for vulnerability in $vulnerabilities; do _jq() { - echo ${vulnerability} | base64 --decode | jq -r ${1} + echo "${vulnerability}" | base64 --decode | jq -r ${1} } title="SNYK: $(_jq '.title')" description="## Description\n$(_jq '.description')\n\n## Info\n$(_jq '.url')\n\n## Severity\n$(_jq '.severity')\n\n## Introduced through\n$(_jq '.from | join(", ")')\n\n## Remediation\n$(_jq '.remediation')" - echo "Creating issue: $title" - gh issue create --title "$title" --body "$description" --label "security" || echo "Failed to create issue: $title" + echo "Creating issue: ${title}" + echo "Description: ${description}" + gh issue create --title "$title" --body "$description" --label "security" || echo "Failed to create issue: ${title}" done else - echo "File $file not found" + echo "File not found: ${file}" fi done env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} From c1958a6a53b5e8745b9a687a39f9f06bba60c025 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:42:03 +0000 Subject: [PATCH 26/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index f5c2f91..7af7270 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -65,16 +65,23 @@ jobs: run: | for file in snyk-api-results.json snyk-gateway-results.json; do if [ -f "$file" ]; then - vulnerabilities=$(jq -r '.vulnerabilities[] | @base64' $file) + vulnerabilities=$(jq -r '.vulnerabilities[] | select(.severity == "high" or .severity == "critical") | @base64' $file) for vulnerability in $vulnerabilities; do _jq() { echo "${vulnerability}" | base64 --decode | jq -r ${1} } title="SNYK: $(_jq '.title')" description="## Description\n$(_jq '.description')\n\n## Info\n$(_jq '.url')\n\n## Severity\n$(_jq '.severity')\n\n## Introduced through\n$(_jq '.from | join(", ")')\n\n## Remediation\n$(_jq '.remediation')" - echo "Creating issue: ${title}" - echo "Description: ${description}" - gh issue create --title "$title" --body "$description" --label "security" || echo "Failed to create issue: ${title}" + + # Check if issue already exists + existing_issue=$(gh issue list -R yourusername/yourrepository --search "$title" --json number --jq '.[].number') + if [ -z "$existing_issue" ]; then + echo "Creating issue: ${title}" + echo "Description: ${description}" + gh issue create --title "$title" --body "$description" --label "security" || echo "Failed to create issue: ${title}" + else + echo "Issue already exists: ${title}" + fi done else echo "File not found: ${file}" From 734224d86d8bcdced8984a739af032c5a935218a Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:49:05 +0000 Subject: [PATCH 27/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 2 +- .github/workflows/test.yml | 80 +++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 7af7270..229483e 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -3,7 +3,7 @@ name: Snyk Container Scan on: push: branches: - - 20-security-scan-of-the-image + - main pull_request: branches: - main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..d2ed6d3 --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,80 @@ +name: Snyk Docker Scan + +on: + push: + branches: + - 20-security-scan-of-the-image + pull_request: + branches: + - main + +jobs: + snyk: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Log in to Docker Hub + uses: docker/login-action@v1 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build API image + run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . + + - name: Build Gateway image + run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . + + - name: Run Snyk to check API Docker image for vulnerabilities + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + run: snyk container test n5gehtoolsmqtt-gateway-api:latest --json > snyk-api-report.json + + - name: Run Snyk to check Gateway Docker image for vulnerabilities + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + run: snyk container test n5gehtoolsmqtt-gateway-gateway:latest --json > snyk-gateway-report.json + + - name: Filter high and critical vulnerabilities for API image + run: | + jq '.vulnerabilities |= map(select(.severity == "high" or .severity == "critical"))' snyk-api-report.json > snyk-api-high-critical-report.json + shell: bash + + - name: Filter high and critical vulnerabilities for Gateway image + run: | + jq '.vulnerabilities |= map(select(.severity == "high" or .severity == "critical"))' snyk-gateway-report.json > snyk-gateway-high-critical-report.json + shell: bash + + - name: Check if API report contains high or critical vulnerabilities + id: api_vuln_check + run: | + count=$(jq '.vulnerabilities | length' snyk-api-high-critical-report.json) + echo "::set-output name=has_vulnerabilities::$count" + + - name: Check if Gateway report contains high or critical vulnerabilities + id: gateway_vuln_check + run: | + count=$(jq '.vulnerabilities | length' snyk-gateway-high-critical-report.json) + echo "::set-output name=has_vulnerabilities::$count" + + - name: Create GitHub issues for API image vulnerabilities + if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 + uses: JasonEtco/create-an-issue@v2 + with: + filename: snyk-api-high-critical-report.json + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create GitHub issues for Gateway image vulnerabilities + if: steps.gateway_vuln_check.outputs.has_vulnerabilities > 0 + uses: JasonEtco/create-an-issue@v2 + with: + filename: snyk-gateway-high-critical-report.json + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From e449749c60d3bc4524e5398d4a9be92d0afdbe44 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:51:26 +0000 Subject: [PATCH 28/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d2ed6d3..bf12601 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 @@ -31,6 +31,9 @@ jobs: - name: Build Gateway image run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . + - name: Install Snyk CLI + run: npm install -g snyk + - name: Run Snyk to check API Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 0202453595b3f0eabaccc3e0fd18160586c7c743 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:54:58 +0000 Subject: [PATCH 29/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index bf12601..11068d3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,16 +14,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Log in to Docker Hub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} + uses: docker/setup-buildx-action@v3 - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . @@ -37,12 +31,20 @@ jobs: - name: Run Snyk to check API Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: snyk container test n5gehtoolsmqtt-gateway-api:latest --json > snyk-api-report.json + run: | + snyk container test n5gehtoolsmqtt-gateway-api:latest --json > snyk-api-report.json || true - name: Run Snyk to check Gateway Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: snyk container test n5gehtoolsmqtt-gateway-gateway:latest --json > snyk-gateway-report.json + run: | + snyk container test n5gehtoolsmqtt-gateway-gateway:latest --json > snyk-gateway-report.json || true + + - name: Display API Snyk Report + run: cat snyk-api-report.json + + - name: Display Gateway Snyk Report + run: cat snyk-gateway-report.json - name: Filter high and critical vulnerabilities for API image run: | @@ -80,4 +82,4 @@ jobs: with: filename: snyk-gateway-high-critical-report.json env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From bb22c06cd876ccfb144e4540477a15cc360427bb Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Mon, 22 Jul 2024 23:59:11 +0000 Subject: [PATCH 30/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 40 ++++++++++++++++++++++++++++++-------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 11068d3..8cb7a10 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: - name: Install Snyk CLI run: npm install -g snyk - - name: Run Snyk to check API Docker image for vulnerabilities + - name: Run Snyk to check API Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} run: | @@ -40,12 +40,6 @@ jobs: run: | snyk container test n5gehtoolsmqtt-gateway-gateway:latest --json > snyk-gateway-report.json || true - - name: Display API Snyk Report - run: cat snyk-api-report.json - - - name: Display Gateway Snyk Report - run: cat snyk-gateway-report.json - - name: Filter high and critical vulnerabilities for API image run: | jq '.vulnerabilities |= map(select(.severity == "high" or .severity == "critical"))' snyk-api-report.json > snyk-api-high-critical-report.json @@ -72,6 +66,21 @@ jobs: if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 uses: JasonEtco/create-an-issue@v2 with: + title: "High/Critical Vulnerabilities Found in API Docker Image" + body: | + **High/Critical Vulnerabilities Found in API Docker Image** + The following high/critical vulnerabilities were found in the API Docker image: + + ```json + ${{ steps.api_vuln_check.outputs.has_vulnerabilities }} + ``` + + **Details:** + ```json + ${{ steps.api_vuln_check.outputs.has_vulnerabilities | fromJson | .vulnerabilities | map(.title, .description, .severity, .identifiers) }} + ``` + + Please review and address these vulnerabilities as soon as possible. filename: snyk-api-high-critical-report.json env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -80,6 +89,21 @@ jobs: if: steps.gateway_vuln_check.outputs.has_vulnerabilities > 0 uses: JasonEtco/create-an-issue@v2 with: + title: "High/Critical Vulnerabilities Found in Gateway Docker Image" + body: | + **High/Critical Vulnerabilities Found in Gateway Docker Image** + The following high/critical vulnerabilities were found in the Gateway Docker image: + + ```json + ${{ steps.gateway_vuln_check.outputs.has_vulnerabilities }} + ``` + + **Details:** + ```json + ${{ steps.gateway_vuln_check.outputs.has_vulnerabilities | fromJson | .vulnerabilities | map(.title, .description, .severity, .identifiers) }} + ``` + + Please review and address these vulnerabilities as soon as possible. filename: snyk-gateway-high-critical-report.json env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 6d94e98131eb1c418b546447417f6b4dd3ed8cb4 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 23 Jul 2024 00:00:34 +0000 Subject: [PATCH 31/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8cb7a10..5a9ced7 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: - name: Install Snyk CLI run: npm install -g snyk - - name: Run Snyk to check API Docker image for vulnerabilities + - name: Run Snyk to check API Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} run: | From f0b6c67f4059116a6f039bb30e8156a4f64433aa Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 23 Jul 2024 00:02:41 +0000 Subject: [PATCH 32/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 56 ++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 32 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5a9ced7..48f72a4 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: - name: Install Snyk CLI run: npm install -g snyk - - name: Run Snyk to check API Docker image for vulnerabilities + - name: Run Snyk to check API Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} run: | @@ -62,26 +62,32 @@ jobs: count=$(jq '.vulnerabilities | length' snyk-gateway-high-critical-report.json) echo "::set-output name=has_vulnerabilities::$count" + - name: Generate API issue body + id: api_issue_body + if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 + run: | + echo "### High/Critical Vulnerabilities Found in API Docker Image" > api_issue_body.txt + echo "The following high/critical vulnerabilities were found in the API Docker image:" >> api_issue_body.txt + jq -r '.vulnerabilities[] | "* \(.title): \(.description) (Severity: \(.severity))\n Identifiers: \(.identifiers)"' snyk-api-high-critical-report.json >> api_issue_body.txt + echo "Please review and address these vulnerabilities as soon as possible." >> api_issue_body.txt + echo "::set-output name=body::$(cat api_issue_body.txt)" + + - name: Generate Gateway issue body + id: gateway_issue_body + if: steps.gateway_vuln_check.outputs.has_vulnerabilities > 0 + run: | + echo "### High/Critical Vulnerabilities Found in Gateway Docker Image" > gateway_issue_body.txt + echo "The following high/critical vulnerabilities were found in the Gateway Docker image:" >> gateway_issue_body.txt + jq -r '.vulnerabilities[] | "* \(.title): \(.description) (Severity: \(.severity))\n Identifiers: \(.identifiers)"' snyk-gateway-high-critical-report.json >> gateway_issue_body.txt + echo "Please review and address these vulnerabilities as soon as possible." >> gateway_issue_body.txt + echo "::set-output name=body::$(cat gateway_issue_body.txt)" + - name: Create GitHub issues for API image vulnerabilities if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 uses: JasonEtco/create-an-issue@v2 with: title: "High/Critical Vulnerabilities Found in API Docker Image" - body: | - **High/Critical Vulnerabilities Found in API Docker Image** - The following high/critical vulnerabilities were found in the API Docker image: - - ```json - ${{ steps.api_vuln_check.outputs.has_vulnerabilities }} - ``` - - **Details:** - ```json - ${{ steps.api_vuln_check.outputs.has_vulnerabilities | fromJson | .vulnerabilities | map(.title, .description, .severity, .identifiers) }} - ``` - - Please review and address these vulnerabilities as soon as possible. - filename: snyk-api-high-critical-report.json + body: ${{ steps.api_issue_body.outputs.body }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -90,20 +96,6 @@ jobs: uses: JasonEtco/create-an-issue@v2 with: title: "High/Critical Vulnerabilities Found in Gateway Docker Image" - body: | - **High/Critical Vulnerabilities Found in Gateway Docker Image** - The following high/critical vulnerabilities were found in the Gateway Docker image: - - ```json - ${{ steps.gateway_vuln_check.outputs.has_vulnerabilities }} - ``` - - **Details:** - ```json - ${{ steps.gateway_vuln_check.outputs.has_vulnerabilities | fromJson | .vulnerabilities | map(.title, .description, .severity, .identifiers) }} - ``` - - Please review and address these vulnerabilities as soon as possible. - filename: snyk-gateway-high-critical-report.json + body: ${{ steps.gateway_issue_body.outputs.body }} env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From d09fb0cdaf8aefc58903199217117e9cead2c97f Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 23 Jul 2024 00:03:14 +0000 Subject: [PATCH 33/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 48f72a4..ec611c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,7 +28,7 @@ jobs: - name: Install Snyk CLI run: npm install -g snyk - - name: Run Snyk to check API Docker image for vulnerabilities + - name: Run Snyk to check API Docker image for vulnerabilities env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} run: | From 6fef08fc3ff41d827ee944f35ac71c3beb213cba Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 23 Jul 2024 00:06:37 +0000 Subject: [PATCH 34/46] feat: security scan of Docker images using Snyk --- .github/workflows/test.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ec611c3..f6ff542 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -84,18 +84,18 @@ jobs: - name: Create GitHub issues for API image vulnerabilities if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 - uses: JasonEtco/create-an-issue@v2 + uses: peter-evans/create-issue-from-file@v4 with: title: "High/Critical Vulnerabilities Found in API Docker Image" - body: ${{ steps.api_issue_body.outputs.body }} + content-filepath: api_issue_body.txt env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Create GitHub issues for Gateway image vulnerabilities if: steps.gateway_vuln_check.outputs.has_vulnerabilities > 0 - uses: JasonEtco/create-an-issue@v2 + uses: peter-evans/create-issue-from-file@v4 with: title: "High/Critical Vulnerabilities Found in Gateway Docker Image" - body: ${{ steps.gateway_issue_body.outputs.body }} + content-filepath: gateway_issue_body.txt env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 1849149b490a5a2b748c252e83b6971d7bd1f46c Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 23 Jul 2024 00:09:18 +0000 Subject: [PATCH 35/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 59 ++----------------- .github/workflows/test.yml | 101 -------------------------------- 2 files changed, 5 insertions(+), 155 deletions(-) delete mode 100644 .github/workflows/test.yml diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 229483e..583a780 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -3,7 +3,7 @@ name: Snyk Container Scan on: push: branches: - - main + - 20-security-scan-of-the-image pull_request: branches: - main @@ -14,10 +14,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v3 # Using the latest version - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v3 # Using the latest version - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . @@ -26,66 +26,17 @@ jobs: run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image - id: snyk_api uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high --json-file-output=snyk-api-results.json' + args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true - name: Snyk Scan Gateway image - id: snyk_gateway uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high --json-file-output=snyk-gateway-results.json' + args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true - - - name: Upload Snyk Results - if: always() - uses: actions/upload-artifact@v2 - with: - name: snyk-results - path: | - snyk-api-results.json - snyk-gateway-results.json - - - name: Ensure Security Label Exists - run: | - gh label create security --color FF0000 --description "Security related issues" || echo "Label already exists" - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create GitHub Issues for Vulnerabilities - if: always() - run: | - for file in snyk-api-results.json snyk-gateway-results.json; do - if [ -f "$file" ]; then - vulnerabilities=$(jq -r '.vulnerabilities[] | select(.severity == "high" or .severity == "critical") | @base64' $file) - for vulnerability in $vulnerabilities; do - _jq() { - echo "${vulnerability}" | base64 --decode | jq -r ${1} - } - title="SNYK: $(_jq '.title')" - description="## Description\n$(_jq '.description')\n\n## Info\n$(_jq '.url')\n\n## Severity\n$(_jq '.severity')\n\n## Introduced through\n$(_jq '.from | join(", ")')\n\n## Remediation\n$(_jq '.remediation')" - - # Check if issue already exists - existing_issue=$(gh issue list -R yourusername/yourrepository --search "$title" --json number --jq '.[].number') - if [ -z "$existing_issue" ]; then - echo "Creating issue: ${title}" - echo "Description: ${description}" - gh issue create --title "$title" --body "$description" --label "security" || echo "Failed to create issue: ${title}" - else - echo "Issue already exists: ${title}" - fi - done - else - echo "File not found: ${file}" - fi - done - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index f6ff542..0000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,101 +0,0 @@ -name: Snyk Docker Scan - -on: - push: - branches: - - 20-security-scan-of-the-image - pull_request: - branches: - - main - -jobs: - snyk: - runs-on: ubuntu-latest - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build API image - run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . - - - name: Build Gateway image - run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - - - name: Install Snyk CLI - run: npm install -g snyk - - - name: Run Snyk to check API Docker image for vulnerabilities - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: | - snyk container test n5gehtoolsmqtt-gateway-api:latest --json > snyk-api-report.json || true - - - name: Run Snyk to check Gateway Docker image for vulnerabilities - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - run: | - snyk container test n5gehtoolsmqtt-gateway-gateway:latest --json > snyk-gateway-report.json || true - - - name: Filter high and critical vulnerabilities for API image - run: | - jq '.vulnerabilities |= map(select(.severity == "high" or .severity == "critical"))' snyk-api-report.json > snyk-api-high-critical-report.json - shell: bash - - - name: Filter high and critical vulnerabilities for Gateway image - run: | - jq '.vulnerabilities |= map(select(.severity == "high" or .severity == "critical"))' snyk-gateway-report.json > snyk-gateway-high-critical-report.json - shell: bash - - - name: Check if API report contains high or critical vulnerabilities - id: api_vuln_check - run: | - count=$(jq '.vulnerabilities | length' snyk-api-high-critical-report.json) - echo "::set-output name=has_vulnerabilities::$count" - - - name: Check if Gateway report contains high or critical vulnerabilities - id: gateway_vuln_check - run: | - count=$(jq '.vulnerabilities | length' snyk-gateway-high-critical-report.json) - echo "::set-output name=has_vulnerabilities::$count" - - - name: Generate API issue body - id: api_issue_body - if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 - run: | - echo "### High/Critical Vulnerabilities Found in API Docker Image" > api_issue_body.txt - echo "The following high/critical vulnerabilities were found in the API Docker image:" >> api_issue_body.txt - jq -r '.vulnerabilities[] | "* \(.title): \(.description) (Severity: \(.severity))\n Identifiers: \(.identifiers)"' snyk-api-high-critical-report.json >> api_issue_body.txt - echo "Please review and address these vulnerabilities as soon as possible." >> api_issue_body.txt - echo "::set-output name=body::$(cat api_issue_body.txt)" - - - name: Generate Gateway issue body - id: gateway_issue_body - if: steps.gateway_vuln_check.outputs.has_vulnerabilities > 0 - run: | - echo "### High/Critical Vulnerabilities Found in Gateway Docker Image" > gateway_issue_body.txt - echo "The following high/critical vulnerabilities were found in the Gateway Docker image:" >> gateway_issue_body.txt - jq -r '.vulnerabilities[] | "* \(.title): \(.description) (Severity: \(.severity))\n Identifiers: \(.identifiers)"' snyk-gateway-high-critical-report.json >> gateway_issue_body.txt - echo "Please review and address these vulnerabilities as soon as possible." >> gateway_issue_body.txt - echo "::set-output name=body::$(cat gateway_issue_body.txt)" - - - name: Create GitHub issues for API image vulnerabilities - if: steps.api_vuln_check.outputs.has_vulnerabilities > 0 - uses: peter-evans/create-issue-from-file@v4 - with: - title: "High/Critical Vulnerabilities Found in API Docker Image" - content-filepath: api_issue_body.txt - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create GitHub issues for Gateway image vulnerabilities - if: steps.gateway_vuln_check.outputs.has_vulnerabilities > 0 - uses: peter-evans/create-issue-from-file@v4 - with: - title: "High/Critical Vulnerabilities Found in Gateway Docker Image" - content-filepath: gateway_issue_body.txt - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 7b12379d72a494941e7d387f8ed50281838101f2 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 23 Jul 2024 00:11:39 +0000 Subject: [PATCH 36/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 583a780..d45ac2e 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -32,6 +32,7 @@ jobs: args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Snyk Scan Gateway image uses: snyk/actions/docker@master @@ -40,3 +41,4 @@ jobs: args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true From 9827b6bba4bf9f8513ee50e1c8957de811199554 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:01:51 +0000 Subject: [PATCH 37/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 111 ++++++++++++++++++++++++++++++-- 1 file changed, 106 insertions(+), 5 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index d45ac2e..5a29644 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,4 +1,4 @@ -name: Snyk Container Scan +name: Snyk Container Scan and Create Issues on: push: @@ -14,10 +14,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 # Using the latest version + uses: actions/checkout@v3 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 # Using the latest version + uses: docker/setup-buildx-action@v3 - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . @@ -26,19 +26,120 @@ jobs: run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image + id: snyk_api_scan uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high' + args: '--severity-threshold=high --json-file-output=snyk_api_results.json' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true - name: Snyk Scan Gateway image + id: snyk_gateway_scan uses: snyk/actions/docker@master with: image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high' + args: '--severity-threshold=high --json-file-output=snyk_gateway_results.json' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} continue-on-error: true + + - name: Upload Snyk API scan results + if: always() + uses: actions/upload-artifact@v3 + with: + name: snyk-api-results + path: snyk_api_results.json + + - name: Upload Snyk Gateway scan results + if: always() + uses: actions/upload-artifact@v3 + with: + name: snyk-gateway-results + path: snyk_gateway_results.json + + - name: Create issues from Snyk API scan + if: always() + uses: actions/github-script@v5 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const fs = require('fs'); + const snykResults = JSON.parse(fs.readFileSync('snyk_api_results.json', 'utf-8')); + + const highCriticalVulnerabilities = snykResults.vulnerabilities.filter(vuln => + vuln.severity === 'high' || vuln.severity === 'critical' + ); + + for (const vuln of highCriticalVulnerabilities) { + const issueTitle = `Snyk Security Alert: ${vuln.title} - ${vuln.severity}`; + const issueBody = ` + A security vulnerability has been detected in the \`${vuln.packageName}\` package. + + **Severity**: ${vuln.severity} + + **Summary**: ${vuln.title} + + **Description**: ${vuln.description} + + **Details**: [View alert](${vuln.url}) + + Please review and address this issue accordingly. + `; + + console.log('Creating issue with title:', issueTitle); + console.log('Creating issue with body:', issueBody); + + await github.rest.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: issueTitle, + body: issueBody + }); + + // Add a delay to avoid rate limit issues + await new Promise(resolve => setTimeout(resolve, 2000)); + } + + - name: Create issues from Snyk Gateway scan + if: always() + uses: actions/github-script@v5 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const fs = require('fs'); + const snykResults = JSON.parse(fs.readFileSync('snyk_gateway_results.json', 'utf-8')); + + const highCriticalVulnerabilities = snykResults.vulnerabilities.filter(vuln => + vuln.severity === 'high' || vuln.severity === 'critical' + ); + + for (const vuln of highCriticalVulnerabilities) { + const issueTitle = `Snyk Security Alert: ${vuln.title} - ${vuln.severity}`; + const issueBody = ` + A security vulnerability has been detected in the \`${vuln.packageName}\` package. + + **Severity**: ${vuln.severity} + + **Summary**: ${vuln.title} + + **Description**: ${vuln.description} + + **Details**: [View alert](${vuln.url}) + + Please review and address this issue accordingly. + `; + + console.log('Creating issue with title:', issueTitle); + console.log('Creating issue with body:', issueBody); + + await github.rest.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: issueTitle, + body: issueBody + }); + + // Add a delay to avoid rate limit issues + await new Promise(resolve => setTimeout(resolve, 2000)); From 67130a8636a1ab3b754ebf164e88c66ffcfe16c6 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:09:53 +0000 Subject: [PATCH 38/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 46 ++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 5a29644..3a4910b 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -67,13 +67,27 @@ jobs: script: | const fs = require('fs'); const snykResults = JSON.parse(fs.readFileSync('snyk_api_results.json', 'utf-8')); - + const highCriticalVulnerabilities = snykResults.vulnerabilities.filter(vuln => vuln.severity === 'high' || vuln.severity === 'critical' ); + const existingIssues = await github.rest.issues.listForRepo({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'open', + labels: 'snyk' + }); + for (const vuln of highCriticalVulnerabilities) { const issueTitle = `Snyk Security Alert: ${vuln.title} - ${vuln.severity}`; + + const issueExists = existingIssues.data.some(issue => issue.title === issueTitle); + if (issueExists) { + console.log(`Issue already exists: ${issueTitle}`); + continue; + } + const issueBody = ` A security vulnerability has been detected in the \`${vuln.packageName}\` package. @@ -85,6 +99,10 @@ jobs: **Details**: [View alert](${vuln.url}) + Introduced through: ${vuln.from.join(', ')} + + From: ${vuln.from.join(' > ')} + Please review and address this issue accordingly. `; @@ -95,7 +113,8 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, title: issueTitle, - body: issueBody + body: issueBody, + labels: ['snyk'] }); // Add a delay to avoid rate limit issues @@ -110,13 +129,27 @@ jobs: script: | const fs = require('fs'); const snykResults = JSON.parse(fs.readFileSync('snyk_gateway_results.json', 'utf-8')); - + const highCriticalVulnerabilities = snykResults.vulnerabilities.filter(vuln => vuln.severity === 'high' || vuln.severity === 'critical' ); + const existingIssues = await github.rest.issues.listForRepo({ + owner: context.repo.owner, + repo: context.repo.repo, + state: 'open', + labels: 'snyk' + }); + for (const vuln of highCriticalVulnerabilities) { const issueTitle = `Snyk Security Alert: ${vuln.title} - ${vuln.severity}`; + + const issueExists = existingIssues.data.some(issue => issue.title === issueTitle); + if (issueExists) { + console.log(`Issue already exists: ${issueTitle}`); + continue; + } + const issueBody = ` A security vulnerability has been detected in the \`${vuln.packageName}\` package. @@ -128,6 +161,10 @@ jobs: **Details**: [View alert](${vuln.url}) + Introduced through: ${vuln.from.join(', ')} + + From: ${vuln.from.join(' > ')} + Please review and address this issue accordingly. `; @@ -138,7 +175,8 @@ jobs: owner: context.repo.owner, repo: context.repo.repo, title: issueTitle, - body: issueBody + body: issueBody, + labels: ['snyk'] }); // Add a delay to avoid rate limit issues From c057ce8792fbb660edc6f996b7288ae76841b0bd Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:21:35 +0000 Subject: [PATCH 39/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 225 ++++++++++++++++++-------------- 1 file changed, 127 insertions(+), 98 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 3a4910b..334a723 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -27,37 +27,29 @@ jobs: - name: Snyk Scan API image id: snyk_api_scan - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high --json-file-output=snyk_api_results.json' + run: snyk test --docker n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high > snyk_api_results.txt || true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true - name: Snyk Scan Gateway image id: snyk_gateway_scan - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high --json-file-output=snyk_gateway_results.json' + run: snyk test --docker n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high > snyk_gateway_results.txt || true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true - name: Upload Snyk API scan results if: always() uses: actions/upload-artifact@v3 with: name: snyk-api-results - path: snyk_api_results.json + path: snyk_api_results.txt - name: Upload Snyk Gateway scan results if: always() uses: actions/upload-artifact@v3 with: name: snyk-gateway-results - path: snyk_gateway_results.json + path: snyk_gateway_results.txt - name: Create issues from Snyk API scan if: always() @@ -66,11 +58,31 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fs = require('fs'); - const snykResults = JSON.parse(fs.readFileSync('snyk_api_results.json', 'utf-8')); + const snykOutput = fs.readFileSync('snyk_api_results.txt', 'utf-8'); + + const parseSnykOutput = (output) => { + const lines = output.split('\n'); + const issues = []; + let currentIssue = null; + let recommendations = ''; + + lines.forEach(line => { + if (line.startsWith('Upgrade ')) { + if (currentIssue) issues.push(currentIssue); + currentIssue = { title: line.trim(), details: '' }; + } else if (line.startsWith('Recommendations for base image upgrade:')) { + currentIssue = null; + recommendations = line.trim(); + } else if (currentIssue) { + currentIssue.details += line.trim() + '\n'; + } + }); + if (currentIssue) issues.push(currentIssue); - const highCriticalVulnerabilities = snykResults.vulnerabilities.filter(vuln => - vuln.severity === 'high' || vuln.severity === 'critical' - ); + return { issues, recommendations }; + }; + + const { issues, recommendations } = parseSnykOutput(snykOutput); const existingIssues = await github.rest.issues.listForRepo({ owner: context.repo.owner, @@ -79,46 +91,44 @@ jobs: labels: 'snyk' }); - for (const vuln of highCriticalVulnerabilities) { - const issueTitle = `Snyk Security Alert: ${vuln.title} - ${vuln.severity}`; - - const issueExists = existingIssues.data.some(issue => issue.title === issueTitle); - if (issueExists) { - console.log(`Issue already exists: ${issueTitle}`); - continue; + const createIssues = async (issues) => { + for (const issue of issues) { + const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issue.title); + if (issueExists) { + console.log(`Issue already exists: ${issue.title}`); + continue; + } + + console.log('Creating issue with title:', issue.title); + console.log('Creating issue with body:', issue.details); + + await github.rest.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: issue.title, + body: issue.details, + labels: ['snyk'] + }); + + // Add a delay to avoid rate limit issues + await new Promise(resolve => setTimeout(resolve, 2000)); + } + }; + + await createIssues(issues); + + if (recommendations) { + const issueTitle = 'Snyk Base Image Recommendations'; + const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issueTitle); + if (!issueExists) { + await github.rest.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: issueTitle, + body: recommendations, + labels: ['snyk'] + }); } - - const issueBody = ` - A security vulnerability has been detected in the \`${vuln.packageName}\` package. - - **Severity**: ${vuln.severity} - - **Summary**: ${vuln.title} - - **Description**: ${vuln.description} - - **Details**: [View alert](${vuln.url}) - - Introduced through: ${vuln.from.join(', ')} - - From: ${vuln.from.join(' > ')} - - Please review and address this issue accordingly. - `; - - console.log('Creating issue with title:', issueTitle); - console.log('Creating issue with body:', issueBody); - - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: issueTitle, - body: issueBody, - labels: ['snyk'] - }); - - // Add a delay to avoid rate limit issues - await new Promise(resolve => setTimeout(resolve, 2000)); } - name: Create issues from Snyk Gateway scan @@ -128,11 +138,31 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fs = require('fs'); - const snykResults = JSON.parse(fs.readFileSync('snyk_gateway_results.json', 'utf-8')); + const snykOutput = fs.readFileSync('snyk_gateway_results.txt', 'utf-8'); + + const parseSnykOutput = (output) => { + const lines = output.split('\n'); + const issues = []; + let currentIssue = null; + let recommendations = ''; + + lines.forEach(line => { + if (line.startsWith('Upgrade ')) { + if (currentIssue) issues.push(currentIssue); + currentIssue = { title: line.trim(), details: '' }; + } else if (line.startsWith('Recommendations for base image upgrade:')) { + currentIssue = null; + recommendations = line.trim(); + } else if (currentIssue) { + currentIssue.details += line.trim() + '\n'; + } + }); + if (currentIssue) issues.push(currentIssue); + + return { issues, recommendations }; + }; - const highCriticalVulnerabilities = snykResults.vulnerabilities.filter(vuln => - vuln.severity === 'high' || vuln.severity === 'critical' - ); + const { issues, recommendations } = parseSnykOutput(snykOutput); const existingIssues = await github.rest.issues.listForRepo({ owner: context.repo.owner, @@ -141,43 +171,42 @@ jobs: labels: 'snyk' }); - for (const vuln of highCriticalVulnerabilities) { - const issueTitle = `Snyk Security Alert: ${vuln.title} - ${vuln.severity}`; - - const issueExists = existingIssues.data.some(issue => issue.title === issueTitle); - if (issueExists) { - console.log(`Issue already exists: ${issueTitle}`); - continue; + const createIssues = async (issues) => { + for (const issue of issues) { + const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issue.title); + if (issueExists) { + console.log(`Issue already exists: ${issue.title}`); + continue; + } + + console.log('Creating issue with title:', issue.title); + console.log('Creating issue with body:', issue.details); + + await github.rest.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: issue.title, + body: issue.details, + labels: ['snyk'] + }); + + // Add a delay to avoid rate limit issues + await new Promise(resolve => setTimeout(resolve, 2000)); } - - const issueBody = ` - A security vulnerability has been detected in the \`${vuln.packageName}\` package. - - **Severity**: ${vuln.severity} - - **Summary**: ${vuln.title} - - **Description**: ${vuln.description} - - **Details**: [View alert](${vuln.url}) - - Introduced through: ${vuln.from.join(', ')} - - From: ${vuln.from.join(' > ')} - - Please review and address this issue accordingly. - `; - - console.log('Creating issue with title:', issueTitle); - console.log('Creating issue with body:', issueBody); - - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: issueTitle, - body: issueBody, - labels: ['snyk'] - }); - - // Add a delay to avoid rate limit issues - await new Promise(resolve => setTimeout(resolve, 2000)); + }; + + await createIssues(issues); + + if (recommendations) { + const issueTitle = 'Snyk Base Image Recommendations'; + const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issueTitle); + if (!issueExists) { + await github.rest.issues.create({ + owner: context.repo.owner, + repo: context.repo.repo, + title: issueTitle, + body: recommendations, + labels: ['snyk'] + }); + } + } From 8f93c37c660bcada51da21aaa7cf889e0886bd2c Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:23:59 +0000 Subject: [PATCH 40/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 334a723..349b51f 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -27,29 +27,37 @@ jobs: - name: Snyk Scan API image id: snyk_api_scan - run: snyk test --docker n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high > snyk_api_results.txt || true + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-api:latest' + args: '--severity-threshold=high --json-file-output=snyk_api_results.json' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Snyk Scan Gateway image id: snyk_gateway_scan - run: snyk test --docker n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high > snyk_gateway_results.txt || true + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-gateway:latest' + args: '--severity-threshold=high --json-file-output=snyk_gateway_results.json' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Upload Snyk API scan results if: always() uses: actions/upload-artifact@v3 with: name: snyk-api-results - path: snyk_api_results.txt + path: snyk_api_results.json - name: Upload Snyk Gateway scan results if: always() uses: actions/upload-artifact@v3 with: name: snyk-gateway-results - path: snyk_gateway_results.txt + path: snyk_gateway_results.json - name: Create issues from Snyk API scan if: always() @@ -209,4 +217,4 @@ jobs: labels: ['snyk'] }); } - } + } \ No newline at end of file From 29fb1c92b87ebf342bb0af9af3a109619212a3c2 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:26:08 +0000 Subject: [PATCH 41/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 349b51f..77e65df 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -66,7 +66,7 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fs = require('fs'); - const snykOutput = fs.readFileSync('snyk_api_results.txt', 'utf-8'); + const snykOutput = fs.readFileSync('snyk_api_results.json', 'utf-8'); const parseSnykOutput = (output) => { const lines = output.split('\n'); @@ -146,7 +146,7 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fs = require('fs'); - const snykOutput = fs.readFileSync('snyk_gateway_results.txt', 'utf-8'); + const snykOutput = fs.readFileSync('snyk_gateway_results.json', 'utf-8'); const parseSnykOutput = (output) => { const lines = output.split('\n'); From 4696754270d2acada3f85706b2a3814718afd9cc Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:31:21 +0000 Subject: [PATCH 42/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 77e65df..cf3cebb 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -19,6 +19,9 @@ jobs: - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 + - name: Install Snyk CLI + run: npm install -g snyk + - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . @@ -27,37 +30,29 @@ jobs: - name: Snyk Scan API image id: snyk_api_scan - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-api:latest' - args: '--severity-threshold=high --json-file-output=snyk_api_results.json' + run: snyk test --docker n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high > snyk_api_results.txt || true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true - name: Snyk Scan Gateway image id: snyk_gateway_scan - uses: snyk/actions/docker@master - with: - image: 'n5gehtoolsmqtt-gateway-gateway:latest' - args: '--severity-threshold=high --json-file-output=snyk_gateway_results.json' + run: snyk test --docker n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high > snyk_gateway_results.txt || true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - continue-on-error: true - name: Upload Snyk API scan results if: always() uses: actions/upload-artifact@v3 with: name: snyk-api-results - path: snyk_api_results.json + path: snyk_api_results.txt - name: Upload Snyk Gateway scan results if: always() uses: actions/upload-artifact@v3 with: name: snyk-gateway-results - path: snyk_gateway_results.json + path: snyk_gateway_results.txt - name: Create issues from Snyk API scan if: always() @@ -66,7 +61,7 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fs = require('fs'); - const snykOutput = fs.readFileSync('snyk_api_results.json', 'utf-8'); + const snykOutput = fs.readFileSync('snyk_api_results.txt', 'utf-8'); const parseSnykOutput = (output) => { const lines = output.split('\n'); @@ -146,7 +141,7 @@ jobs: github-token: ${{ secrets.GITHUB_TOKEN }} script: | const fs = require('fs'); - const snykOutput = fs.readFileSync('snyk_gateway_results.json', 'utf-8'); + const snykOutput = fs.readFileSync('snyk_gateway_results.txt', 'utf-8'); const parseSnykOutput = (output) => { const lines = output.split('\n'); @@ -217,4 +212,4 @@ jobs: labels: ['snyk'] }); } - } \ No newline at end of file + From 437fa1df04a787772bd4e660380bc48cb325c17a Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:35:07 +0000 Subject: [PATCH 43/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index cf3cebb..2c00228 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -75,7 +75,7 @@ jobs: currentIssue = { title: line.trim(), details: '' }; } else if (line.startsWith('Recommendations for base image upgrade:')) { currentIssue = null; - recommendations = line.trim(); + recommendations += line.trim() + '\n'; } else if (currentIssue) { currentIssue.details += line.trim() + '\n'; } @@ -155,7 +155,7 @@ jobs: currentIssue = { title: line.trim(), details: '' }; } else if (line.startsWith('Recommendations for base image upgrade:')) { currentIssue = null; - recommendations = line.trim(); + recommendations += line.trim() + '\n'; } else if (currentIssue) { currentIssue.details += line.trim() + '\n'; } @@ -212,4 +212,4 @@ jobs: labels: ['snyk'] }); } - + } From 3d5f2a151c9ea153ddf32bc4c0dea9a566ddd5b9 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 09:37:02 +0000 Subject: [PATCH 44/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 197 +++----------------------------- 1 file changed, 13 insertions(+), 184 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index 2c00228..d45ac2e 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -1,4 +1,4 @@ -name: Snyk Container Scan and Create Issues +name: Snyk Container Scan on: push: @@ -14,13 +14,10 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v3 # Using the latest version - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Install Snyk CLI - run: npm install -g snyk + uses: docker/setup-buildx-action@v3 # Using the latest version - name: Build API image run: docker build -t n5gehtoolsmqtt-gateway-api:latest -f ./backend/api/Dockerfile . @@ -29,187 +26,19 @@ jobs: run: docker build -t n5gehtoolsmqtt-gateway-gateway:latest -f ./backend/gateway/Dockerfile . - name: Snyk Scan API image - id: snyk_api_scan - run: snyk test --docker n5gehtoolsmqtt-gateway-api:latest --severity-threshold=high > snyk_api_results.txt || true + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-api:latest' + args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + continue-on-error: true - name: Snyk Scan Gateway image - id: snyk_gateway_scan - run: snyk test --docker n5gehtoolsmqtt-gateway-gateway:latest --severity-threshold=high > snyk_gateway_results.txt || true + uses: snyk/actions/docker@master + with: + image: 'n5gehtoolsmqtt-gateway-gateway:latest' + args: '--severity-threshold=high' env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - - name: Upload Snyk API scan results - if: always() - uses: actions/upload-artifact@v3 - with: - name: snyk-api-results - path: snyk_api_results.txt - - - name: Upload Snyk Gateway scan results - if: always() - uses: actions/upload-artifact@v3 - with: - name: snyk-gateway-results - path: snyk_gateway_results.txt - - - name: Create issues from Snyk API scan - if: always() - uses: actions/github-script@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const fs = require('fs'); - const snykOutput = fs.readFileSync('snyk_api_results.txt', 'utf-8'); - - const parseSnykOutput = (output) => { - const lines = output.split('\n'); - const issues = []; - let currentIssue = null; - let recommendations = ''; - - lines.forEach(line => { - if (line.startsWith('Upgrade ')) { - if (currentIssue) issues.push(currentIssue); - currentIssue = { title: line.trim(), details: '' }; - } else if (line.startsWith('Recommendations for base image upgrade:')) { - currentIssue = null; - recommendations += line.trim() + '\n'; - } else if (currentIssue) { - currentIssue.details += line.trim() + '\n'; - } - }); - if (currentIssue) issues.push(currentIssue); - - return { issues, recommendations }; - }; - - const { issues, recommendations } = parseSnykOutput(snykOutput); - - const existingIssues = await github.rest.issues.listForRepo({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'open', - labels: 'snyk' - }); - - const createIssues = async (issues) => { - for (const issue of issues) { - const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issue.title); - if (issueExists) { - console.log(`Issue already exists: ${issue.title}`); - continue; - } - - console.log('Creating issue with title:', issue.title); - console.log('Creating issue with body:', issue.details); - - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: issue.title, - body: issue.details, - labels: ['snyk'] - }); - - // Add a delay to avoid rate limit issues - await new Promise(resolve => setTimeout(resolve, 2000)); - } - }; - - await createIssues(issues); - - if (recommendations) { - const issueTitle = 'Snyk Base Image Recommendations'; - const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issueTitle); - if (!issueExists) { - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: issueTitle, - body: recommendations, - labels: ['snyk'] - }); - } - } - - - name: Create issues from Snyk Gateway scan - if: always() - uses: actions/github-script@v5 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const fs = require('fs'); - const snykOutput = fs.readFileSync('snyk_gateway_results.txt', 'utf-8'); - - const parseSnykOutput = (output) => { - const lines = output.split('\n'); - const issues = []; - let currentIssue = null; - let recommendations = ''; - - lines.forEach(line => { - if (line.startsWith('Upgrade ')) { - if (currentIssue) issues.push(currentIssue); - currentIssue = { title: line.trim(), details: '' }; - } else if (line.startsWith('Recommendations for base image upgrade:')) { - currentIssue = null; - recommendations += line.trim() + '\n'; - } else if (currentIssue) { - currentIssue.details += line.trim() + '\n'; - } - }); - if (currentIssue) issues.push(currentIssue); - - return { issues, recommendations }; - }; - - const { issues, recommendations } = parseSnykOutput(snykOutput); - - const existingIssues = await github.rest.issues.listForRepo({ - owner: context.repo.owner, - repo: context.repo.repo, - state: 'open', - labels: 'snyk' - }); - - const createIssues = async (issues) => { - for (const issue of issues) { - const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issue.title); - if (issueExists) { - console.log(`Issue already exists: ${issue.title}`); - continue; - } - - console.log('Creating issue with title:', issue.title); - console.log('Creating issue with body:', issue.details); - - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: issue.title, - body: issue.details, - labels: ['snyk'] - }); - - // Add a delay to avoid rate limit issues - await new Promise(resolve => setTimeout(resolve, 2000)); - } - }; - - await createIssues(issues); - - if (recommendations) { - const issueTitle = 'Snyk Base Image Recommendations'; - const issueExists = existingIssues.data.some(existingIssue => existingIssue.title === issueTitle); - if (!issueExists) { - await github.rest.issues.create({ - owner: context.repo.owner, - repo: context.repo.repo, - title: issueTitle, - body: recommendations, - labels: ['snyk'] - }); - } - } + continue-on-error: true From c8357cc8cb6c54b31a93677013c5499d1027f5db Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Thu, 25 Jul 2024 10:25:26 +0000 Subject: [PATCH 45/46] feat: security scan of Docker images using Snyk --- .github/workflows/snyk-scan.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml index d45ac2e..f64b607 100644 --- a/.github/workflows/snyk-scan.yml +++ b/.github/workflows/snyk-scan.yml @@ -2,9 +2,6 @@ name: Snyk Container Scan on: push: - branches: - - 20-security-scan-of-the-image - pull_request: branches: - main From 2af212df203bfef3681bb49d913d6a8ba531e884 Mon Sep 17 00:00:00 2001 From: Bhavdeep13 Date: Tue, 6 Aug 2024 09:28:37 +0000 Subject: [PATCH 46/46] feat: security scan of Docker images using Snyk --- Snyk/scan_results/crate_crate_4.6.6.md | 9039 ----------------- Snyk/scan_results/dpage_pgadmin4_7.1.md | 340 - Snyk/scan_results/eclipse-mosquitto_2.0.14.md | 92 - Snyk/scan_results/eclipse-mosquitto_2.0.15.md | 190 - .../fiware_iotagent-json_1.26.0.md | 1022 -- Snyk/scan_results/fiware_orion_3.7.0.md | 2330 ----- Snyk/scan_results/fiware_orion_latest.md | 882 -- Snyk/scan_results/grafana_grafana_9.3.0.md | 440 - Snyk/scan_results/mongo-express_1.0.2-20.md | 237 - Snyk/scan_results/mongo_4.4.md | 229 - Snyk/scan_results/mongo_5.0.24.md | 327 - .../orchestracities_quantumleap_0.8.3.md | 595 -- .../portainer_portainer-ce_2.19.4.md | 320 - Snyk/scan_results/postgres_15.2.md | 1068 -- Snyk/scan_results/redis_7.0.md | 321 - .../telefonicaiot_fiware-orion_3.8.1.md | 1698 ---- 16 files changed, 19130 deletions(-) delete mode 100644 Snyk/scan_results/crate_crate_4.6.6.md delete mode 100644 Snyk/scan_results/dpage_pgadmin4_7.1.md delete mode 100644 Snyk/scan_results/eclipse-mosquitto_2.0.14.md delete mode 100644 Snyk/scan_results/eclipse-mosquitto_2.0.15.md delete mode 100644 Snyk/scan_results/fiware_iotagent-json_1.26.0.md delete mode 100644 Snyk/scan_results/fiware_orion_3.7.0.md delete mode 100644 Snyk/scan_results/fiware_orion_latest.md delete mode 100644 Snyk/scan_results/grafana_grafana_9.3.0.md delete mode 100644 Snyk/scan_results/mongo-express_1.0.2-20.md delete mode 100644 Snyk/scan_results/mongo_4.4.md delete mode 100644 Snyk/scan_results/mongo_5.0.24.md delete mode 100644 Snyk/scan_results/orchestracities_quantumleap_0.8.3.md delete mode 100644 Snyk/scan_results/portainer_portainer-ce_2.19.4.md delete mode 100644 Snyk/scan_results/postgres_15.2.md delete mode 100644 Snyk/scan_results/redis_7.0.md delete mode 100644 Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md diff --git a/Snyk/scan_results/crate_crate_4.6.6.md b/Snyk/scan_results/crate_crate_4.6.6.md deleted file mode 100644 index e17acaf..0000000 --- a/Snyk/scan_results/crate_crate_4.6.6.md +++ /dev/null @@ -1,9039 +0,0 @@ -**Scanning crate/crate:4.6.6** -``` - -Testing crate/crate:4.6.6... - -✗ Low severity vulnerability found in vim-minimal - Description: Incorrect Privilege Assignment - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1972550 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1973048 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Incorrect Privilege Assignment - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1980312 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1982569 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-1982606 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2025402 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2025542 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2026967 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2311766 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2327620 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2385970 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2444878 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2813239 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933325 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933359 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933361 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Buffer Over-read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933386 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Buffer Over-read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2933958 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Buffer Over-read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2936187 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937522 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937530 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937532 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937542 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937564 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937570 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2937572 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941487 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941513 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941517 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941521 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941563 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2941583 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2949917 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2949935 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2950125 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978707 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Undefined Behavior for Input to API - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978717 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978719 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2978733 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2984732 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2984746 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Buffer Under-read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2988619 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2988625 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2988777 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2991448 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2991496 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3008892 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3008894 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3013745 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3015810 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3022278 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3032961 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3032975 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3033479 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3037777 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3040686 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3092529 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3165527 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3168013 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3168029 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3227495 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Unchecked Return Value - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3232284 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3232338 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3244928 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3245544 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3259417 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3337664 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3358186 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3358190 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Incorrect Calculation of Buffer Size - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-3358218 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5497713 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5594473 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5594527 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5842140 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5934026 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5952808 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-5969138 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6039466 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068631 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068651 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068663 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068675 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068691 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068722 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Improper Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6068730 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6083857 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in vim-minimal - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-6231624 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in util-linux - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-1946411 - Introduced through: util-linux@2.23.2-65.el7 - From: util-linux@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in util-linux - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-2025256 - Introduced through: util-linux@2.23.2-65.el7 - From: util-linux@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in tar - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-1990470 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in tar - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-2001640 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in tar - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-2014107 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in tar - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-6120499 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in systemd-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1966179 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in systemd - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1966080 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: Insecure Temporary File - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1965158 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1973032 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1976968 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1977167 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1994293 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1997669 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2403545 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-3009912 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-5748848 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in sqlite - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-6154485 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in shadow-utils - Description: Incorrect Implementation of Authentication Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SHADOWUTILS-5877084 - Introduced through: shadow-utils@2:4.6-5.el7 - From: shadow-utils@2:4.6-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in rpm-python - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2017360 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in rpm-libs - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2016349 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in rpm-build-libs - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2015889 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in rpm - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2017331 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in readline - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-READLINE-2834324 - Introduced through: readline@6.2-11.el7 - From: readline@6.2-11.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-pip - Description: Use of Less Trusted Source - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-1992926 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-pip - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-2023960 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-pip - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-6144966 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-libs - Description: Improper Handling of Highly Compressed Data (Data Amplification) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2001772 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-libs - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2025924 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-libs - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-7275498 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-7412369 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3 - Description: Improper Handling of Highly Compressed Data (Data Amplification) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2002970 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2026117 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3 - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-7275492 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python3 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-7412371 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1989355 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python-libs - Description: Improper Handling of Highly Compressed Data (Data Amplification) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2002979 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python-libs - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2027199 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python-libs - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-7275486 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-7412383 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1989327 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python - Description: Improper Handling of Highly Compressed Data (Data Amplification) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2002919 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2026054 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-7275478 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-7412373 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in procps-ng - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-1989997 - Introduced through: procps-ng@3.3.10-28.el7 - From: procps-ng@3.3.10-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in procps-ng - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-1991010 - Introduced through: procps-ng@3.3.10-28.el7 - From: procps-ng@3.3.10-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in procps-ng - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-1991065 - Introduced through: procps-ng@3.3.10-28.el7 - From: procps-ng@3.3.10-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in procps-ng - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PROCPSNG-5835283 - Introduced through: procps-ng@3.3.10-28.el7 - From: procps-ng@3.3.10-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in pcre - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1951812 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in pcre - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1971374 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in pcre - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1983180 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in pcre - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1983186 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in pcre - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1983227 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in pcre - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-2004967 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-1994940 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-1996381 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2005420 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2024666 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3048408 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3371158 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5328749 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5331111 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5804695 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5812735 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Missing Required Cryptographic Step - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-6050606 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Reversible One-Way Hash - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-6150420 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-6246386 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-7412305 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openssl - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-1994959 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-1996331 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2007039 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2025846 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3048706 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3371160 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5328757 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5331115 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5804689 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5812737 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Missing Required Cryptographic Step - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-6050610 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Reversible One-Way Hash - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-6150416 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-6246380 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openssl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-7412301 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Low severity vulnerability found in openldap - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-1963951 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openldap - Description: Improper Validation of Certificate with Host Mismatch - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2005965 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in openldap - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-5660520 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in nss-tools - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2003333 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in nss-sysinit - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2003327 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in nss-softokn-freebl - Description: Incorrect Calculation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKNFREEBL-1955858 - Introduced through: nss-softokn-freebl@3.53.1-6.el7_9 - From: nss-softokn-freebl@3.53.1-6.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in nss-softokn - Description: Incorrect Calculation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKN-1958713 - Introduced through: nss-softokn@3.53.1-6.el7_9 - From: nss-softokn@3.53.1-6.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in nss - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2004596 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1970438 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1973625 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1974521 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1975175 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1975194 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1976025 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1976916 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1976967 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1977500 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1979532 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1988555 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1990250 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1990318 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-2025517 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862489 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862490 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862512 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862528 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862538 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5862558 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-6124347 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1972091 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1973112 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1974311 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1974426 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1975164 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1976134 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1976196 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1976242 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1977408 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1980452 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1990176 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1990980 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1991994 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-2028324 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862481 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862486 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862506 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862530 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862536 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5862560 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses-base - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-6124341 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1971067 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1973080 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975128 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975135 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975148 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1975223 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1976006 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1976933 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1977504 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1981664 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1990216 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1991785 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1992597 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-2027155 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862478 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862482 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862504 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862522 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862534 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5862552 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ncurses - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-6124343 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2-python - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1982929 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2-python - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1986072 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2-python - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1987699 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2-python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5952810 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2-python - Description: Buffer Over-read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-6852548 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1982911 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2 - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1986276 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1987432 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5952812 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libxml2 - Description: Buffer Over-read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-6852544 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libuuid - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-1944179 - Introduced through: libuuid@2.23.2-65.el7 - From: libuuid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libuuid - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-2026204 - Introduced through: libuuid@2.23.2-65.el7 - From: libuuid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libtasn1 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1971763 - Introduced through: libtasn1@4.10-1.el7 - From: libtasn1@4.10-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libtasn1 - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1985003 - Introduced through: libtasn1@4.10-1.el7 - From: libtasn1@4.10-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libtasn1 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1989457 - Introduced through: libtasn1@4.10-1.el7 - From: libtasn1@4.10-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1944396 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1958409 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1960099 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1961558 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962068 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962369 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962398 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1962523 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1963332 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1990592 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1995723 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2386086 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2441042 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libstdc++ - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-3012204 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libssh2 - Description: Unchecked Return Value - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-6131682 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libmount - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-1944085 - Introduced through: libmount@2.23.2-65.el7 - From: libmount@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libmount - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-2026187 - Introduced through: libmount@2.23.2-65.el7 - From: libmount@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libidn - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1943056 - Introduced through: libidn@1.28-4.el7 - From: libidn@1.28-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libidn - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1953391 - Introduced through: libidn@1.28-4.el7 - From: libidn@1.28-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libidn - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1965942 - Introduced through: libidn@1.28-4.el7 - From: libidn@1.28-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libidn - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1966319 - Introduced through: libidn@1.28-4.el7 - From: libidn@1.28-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libidn - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1966514 - Introduced through: libidn@1.28-4.el7 - From: libidn@1.28-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libidn - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBIDN-1977845 - Introduced through: libidn@1.28-4.el7 - From: libidn@1.28-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcrypt - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1938424 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcrypt - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1943863 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1944360 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1958647 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1960525 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1960738 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1961094 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1962115 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1962355 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1962716 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1963266 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1990534 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1996602 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2385990 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2441014 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libgcc - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-3012228 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libdb-utils - Description: Improper Access Control - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDBUTILS-2002369 - Introduced through: libdb-utils@5.3.21-25.el7 - From: libdb-utils@5.3.21-25.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libdb - Description: Improper Access Control - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDB-2001052 - Introduced through: libdb@5.3.21-25.el7 - From: libdb@5.3.21-25.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1951978 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1968088 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1968233 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969858 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969953 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1970361 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1971205 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1982843 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1992039 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Untrusted Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2015843 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Use of Uninitialized Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017371 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Use of Uninitialized Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017387 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823585 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Improper Validation of Syntactic Correctness of Input - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3013791 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3179690 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:7.29.0-59.el7_9.2 - -✗ Low severity vulnerability found in libcurl - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367077 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-5561466 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcurl - Description: External Control of File Name or Path - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-5960375 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcom_err - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCOMERR-1942721 - Introduced through: libcom_err@1.42.9-19.el7 - From: libcom_err@1.42.9-19.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libcap - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCAP-5660540 - Introduced through: libcap@2.22-11.el7 - From: libcap@2.22-11.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libblkid - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-1945786 - Introduced through: libblkid@2.23.2-65.el7 - From: libblkid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in libblkid - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-2025172 - Introduced through: libblkid@2.23.2-65.el7 - From: libblkid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in krb5-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1971330 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in krb5-libs - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-6335240 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in krb5-libs - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-6335416 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gpgme - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GPGME-1941077 - Introduced through: gpgme@1.3.2-5.el7 - From: gpgme@1.3.2-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gnupg2 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1940637 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gnupg2 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1942097 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gnupg2 - Description: Incorrect Calculation of Buffer Size - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1942430 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gnupg2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1944098 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gnupg2 - Description: Missing Required Cryptographic Step - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1994985 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gnupg2 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-3024686 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1940217 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1951775 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1952114 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Improper Data Handling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1953625 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1956406 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1977079 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2009845 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc-common - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2022097 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1939134 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1952062 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Improper Data Handling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1953293 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1953341 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1955476 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1977459 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2010980 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glibc - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2022555 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1972785 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1983968 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1984065 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1984573 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1991240 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-1995228 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2020186 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834061 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666250 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666266 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666272 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in glib2 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-5666280 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in gawk - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GAWK-5821357 - Introduced through: gawk@4.0.2-4.el7_3.1 - From: gawk@4.0.2-4.el7_3.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in file-libs - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-FILELIBS-1942004 - Introduced through: file-libs@5.11-37.el7 - From: file-libs@5.11-37.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in file-libs - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-FILELIBS-1953839 - Introduced through: file-libs@5.11-37.el7 - From: file-libs@5.11-37.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in file-libs - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-FILELIBS-5874089 - Introduced through: file-libs@5.11-37.el7 - From: file-libs@5.11-37.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1968621 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1954996 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1957865 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1983303 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1983525 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1984233 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1984904 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1986235 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1986335 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-1986437 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-5851057 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBS-6257926 - Introduced through: elfutils-libs@0.176-5.el7 - From: elfutils-libs@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1956791 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1958047 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1983453 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1983476 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1984834 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985009 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985204 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985205 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-1985603 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-5851059 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-libelf - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSLIBELF-6257913 - Introduced through: elfutils-libelf@0.176-5.el7 - From: elfutils-libelf@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1956853 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1957924 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1984852 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1984930 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1984950 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985035 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985136 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985232 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-1985608 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-5851067 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in elfutils-default-yama-scope - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ELFUTILSDEFAULTYAMASCOPE-6257922 - Introduced through: elfutils-default-yama-scope@0.176-5.el7 - From: elfutils-default-yama-scope@0.176-5.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in device-mapper-libs - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DEVICEMAPPERLIBS-2014867 - Introduced through: device-mapper-libs@7:1.02.170-6.el7 - From: device-mapper-libs@7:1.02.170-6.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in device-mapper - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DEVICEMAPPER-2014658 - Introduced through: device-mapper@7:1.02.170-6.el7 - From: device-mapper@7:1.02.170-6.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1938369 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1938510 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus-libs - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1939957 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus-libs - Description: Algorithmic Complexity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1940623 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus-libs - Description: Improper Authorization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1942088 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-2014154 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus - Description: Algorithmic Complexity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1938761 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1938877 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1940326 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1940727 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus - Description: Improper Authorization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1941918 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in dbus - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-2012927 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1952033 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1968661 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969343 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969802 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969881 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969969 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1970292 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1982899 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1992007 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Untrusted Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2014763 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Use of Uninitialized Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2017392 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Use of Uninitialized Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2017414 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823591 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Improper Validation of Syntactic Correctness of Input - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3013781 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3179636 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:7.29.0-59.el7_9.2 - -✗ Low severity vulnerability found in curl - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367093 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-5561468 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in curl - Description: External Control of File Name or Path - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-5960373 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in cracklib-dicts - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CRACKLIBDICTS-1967091 - Introduced through: cracklib-dicts@2.9.0-11.el7 - From: cracklib-dicts@2.9.0-11.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in cracklib - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CRACKLIB-1964928 - Introduced through: cracklib@2.9.0-11.el7 - From: cracklib@2.9.0-11.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in cpio - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-1942162 - Introduced through: cpio@2.11-28.el7 - From: cpio@2.11-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in cpio - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-1957463 - Introduced through: cpio@2.11-28.el7 - From: cpio@2.11-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in cpio - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-6229986 - Introduced through: cpio@2.11-28.el7 - From: cpio@2.11-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1943168 - Introduced through: coreutils@8.22-24.el7 - From: coreutils@8.22-24.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in coreutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1943437 - Introduced through: coreutils@8.22-24.el7 - From: coreutils@8.22-24.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in coreutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1944972 - Introduced through: coreutils@8.22-24.el7 - From: coreutils@8.22-24.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in ca-certificates - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CACERTIFICATES-6055613 - Introduced through: ca-certificates@2020.2.41-70.0.el7_8 - From: ca-certificates@2020.2.41-70.0.el7_8 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in bzip2-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BZIP2LIBS-1960508 - Introduced through: bzip2-libs@1.0.6-13.el7 - From: bzip2-libs@1.0.6-13.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in bzip2-libs - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BZIP2LIBS-1993646 - Introduced through: bzip2-libs@1.0.6-13.el7 - From: bzip2-libs@1.0.6-13.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1942169 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1949868 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1959519 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960002 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960072 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960362 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1960688 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1962483 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1963252 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1963879 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1973019 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974322 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974370 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974526 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974529 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974535 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974552 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974563 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1974591 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975078 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975099 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975173 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975352 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975602 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975644 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1975922 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976222 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976248 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976275 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976392 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976543 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976545 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1976590 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977089 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977396 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977547 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977616 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977696 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977727 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977734 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977887 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977891 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1977913 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1978293 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1978868 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1978892 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979032 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979074 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979338 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979493 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979555 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979624 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1979892 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980218 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980418 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980516 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1980564 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981013 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981041 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981583 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981754 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1981784 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983223 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983618 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983705 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983745 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983766 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1983833 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984250 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984664 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984683 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1984798 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985134 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985155 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985322 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985323 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Null Termination - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985326 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985631 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985874 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986157 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986169 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986273 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986682 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1986710 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987232 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987241 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987269 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987549 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987574 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987616 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987666 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987672 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987685 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987906 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987968 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987992 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1987995 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1988964 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1988992 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989073 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989093 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989149 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989348 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989371 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1989439 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990067 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990075 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990117 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990275 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990564 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990582 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990662 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990671 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1990690 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991342 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991481 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991542 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991620 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991748 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1991942 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992123 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992226 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992330 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992754 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992975 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993000 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993147 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993181 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993580 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1993912 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1994081 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1995216 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1997319 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1999141 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2006767 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2007634 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2007755 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2007832 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2010954 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012294 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012339 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Use of Uninitialized Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012841 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2012950 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2013149 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3012246 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3018576 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Use of Uninitialized Variable - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3316097 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3316105 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Use of Uninitialized Variable - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3316117 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5417801 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857513 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857516 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857532 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857583 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in binutils - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-5857589 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in bind-license - Description: Authentication Bypass - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-1938248 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in bind-license - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-1966395 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Low severity vulnerability found in bash - Description: Privilege Dropping / Lowering Errors - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BASH-1998407 - Introduced through: bash@4.2.46-34.el7 - From: bash@4.2.46-34.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in zlib - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ZLIB-2977274 - Introduced through: zlib@1.2.7-18.el7 - From: zlib@1.2.7-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:1.2.7-21.el7_9 - -✗ Medium severity vulnerability found in zlib - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ZLIB-5971504 - Introduced through: zlib@1.2.7-18.el7 - From: zlib@1.2.7-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: OS Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2002103 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2025969 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2026497 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2026823 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2308071 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2308083 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2339232 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2339492 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2385982 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2814306 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in vim-minimal - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-VIMMINIMAL-2814308 - Introduced through: vim-minimal@2:7.4.629-7.el7 - From: vim-minimal@2:7.4.629-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in util-linux - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-1942353 - Introduced through: util-linux@2.23.2-65.el7 - From: util-linux@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in util-linux - Description: Privilege Context Switching Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-1960910 - Introduced through: util-linux@2.23.2-65.el7 - From: util-linux@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in util-linux - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-2401559 - Introduced through: util-linux@2.23.2-65.el7 - From: util-linux@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in util-linux - Description: OS Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-UTILLINUX-5898178 - Introduced through: util-linux@2.23.2-65.el7 - From: util-linux@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-1937456 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in tar - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-1965994 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in tar - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-TAR-3310895 - Introduced through: tar@2:1.26-35.el7 - From: tar@2:1.26-35.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1938711 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1982654 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-1991599 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Incorrect Authorization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2001728 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Missing Authentication for Critical Function - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2004528 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2005081 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2336835 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3098051 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Deadlock - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3150686 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3179730 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd-libs - Description: CVE-2023-26604 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-3342257 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1938368 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1982090 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-1993128 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Incorrect Authorization - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2002339 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Missing Authentication for Critical Function - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2004853 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Expected Behavior Violation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2006239 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2336825 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3098031 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Deadlock - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3150690 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3179648 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in systemd - Description: CVE-2023-26604 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-3342253 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1950788 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1982972 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1993754 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1995542 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Use of Uninitialized Resource - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1996537 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1998360 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1999376 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-1999575 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Unchecked Error Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2000154 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2000719 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Unchecked Error Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2001310 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2001528 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2003546 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2004865 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Improper Validation of Array Index - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-2960017 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-3010032 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in sqlite - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SQLITE-5422018 - Introduced through: sqlite@3.7.17-8.el7_7.1 - From: sqlite@3.7.17-8.el7_7.1 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-1983859 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-1985857 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2022693 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2022818 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2023286 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2023287 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2023547 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-python - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMPYTHON-2186730 - Introduced through: rpm-python@4.11.3-45.el7 - From: rpm-python@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:4.11.3-48.el7_9 - -✗ Medium severity vulnerability found in rpm-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-1984397 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-1985279 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2022737 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2022900 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2024536 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2025459 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2025518 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-libs - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMLIBS-2187549 - Introduced through: rpm-libs@4.11.3-45.el7 - From: rpm-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:4.11.3-48.el7_9 - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-1983047 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-1984822 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2022563 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2022791 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2022873 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2023392 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2024096 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm-build-libs - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPMBUILDLIBS-2186657 - Introduced through: rpm-build-libs@4.11.3-45.el7 - From: rpm-build-libs@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:4.11.3-48.el7_9 - -✗ Medium severity vulnerability found in rpm - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-1984450 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-1984546 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2021206 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2022545 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2023192 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2023211 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2023565 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in rpm - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-RPM-2186841 - Introduced through: rpm@4.11.3-45.el7 - From: rpm@4.11.3-45.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:4.11.3-48.el7_9 - -✗ Medium severity vulnerability found in python3-setuptools - Description: Incorrect Regular Expression - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3SETUPTOOLS-3227010 - Introduced through: python3-setuptools@39.2.0-10.el7 - From: python3-setuptools@39.2.0-10.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-2000456 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-2837986 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-5952828 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-5970499 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-6101854 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Always-Incorrect Control Flow Implementation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-6962093 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-pip - Description: Incorrect Resource Transfer Between Spheres - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3PIP-7297942 - Introduced through: python3-pip@9.0.3-8.el7 - From: python3-pip@9.0.3-8.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-1997816 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2010067 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Eval Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2010179 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2017006 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2020693 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2022899 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2023989 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Unchecked Return Value - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2328132 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2387320 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2766845 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Open Redirect - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-2991236 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3017285 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3111051 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3136145 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5499645 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5751494 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5902156 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5915249 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-6062934 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-6063038 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3-libs - Description: Multiple Interpretations of UI Input - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-6688270 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-1998403 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2008957 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Eval Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2010411 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2018889 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2021729 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2024021 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2027051 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Unchecked Return Value - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2328134 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2387310 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2766843 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Open Redirect - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-2991244 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3017291 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3111014 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3136127 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5499629 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5751478 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5902144 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5915251 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-6062938 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-6063034 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python3 - Description: Multiple Interpretations of UI Input - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-6688264 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Cryptographic Issues - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1937092 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1937990 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1938432 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1972247 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-1997331 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2007337 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-92.el7_9 - -✗ Medium severity vulnerability found in python-libs - Description: Eval Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2010260 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2018864 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2021979 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-92.el7_9 - -✗ Medium severity vulnerability found in python-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2027058 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2181035 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-90.el7 - -✗ Medium severity vulnerability found in python-libs - Description: Unchecked Return Value - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2328116 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2387322 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2838244 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-2936577 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-92.el7_9 - -✗ Medium severity vulnerability found in python-libs - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3017267 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3111000 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3136125 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5499651 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5751468 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5902160 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5915259 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-6063032 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python-libs - Description: Multiple Interpretations of UI Input - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-6688256 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Cryptographic Issues - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1937534 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1937876 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1938462 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1971231 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-1996114 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2009869 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-92.el7_9 - -✗ Medium severity vulnerability found in python - Description: Eval Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2011503 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2017975 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2022918 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-92.el7_9 - -✗ Medium severity vulnerability found in python - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2025640 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2178649 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-90.el7 - -✗ Medium severity vulnerability found in python - Description: Unchecked Return Value - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2328108 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2387342 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2838236 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: HTTP Response Splitting - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-2936581 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-92.el7_9 - -✗ Medium severity vulnerability found in python - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3017265 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3110982 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3136135 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5499637 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5751492 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5902146 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5915255 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-6063042 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in python - Description: Multiple Interpretations of UI Input - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-6688254 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in pcre - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1981489 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in pcre - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PCRE-1982295 - Introduced through: pcre@8.32-17.el7 - From: pcre@8.32-17.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in pam - Description: Insecure Inherited Permissions - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PAM-6181078 - Introduced through: pam@1.1.8-23.el7 - From: pam@1.1.8-23.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in p11-kit-trust - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KITTRUST-2012548 - Introduced through: p11-kit-trust@0.23.5-3.el7 - From: p11-kit-trust@0.23.5-3.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in p11-kit-trust - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KITTRUST-2013605 - Introduced through: p11-kit-trust@0.23.5-3.el7 - From: p11-kit-trust@0.23.5-3.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in p11-kit - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KIT-2010715 - Introduced through: p11-kit@0.23.5-3.el7 - From: p11-kit@0.23.5-3.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in p11-kit - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-P11KIT-2011663 - Introduced through: p11-kit@0.23.5-3.el7 - From: p11-kit@0.23.5-3.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Client-Side Enforcement of Server-Side Security - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-1994852 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2025480 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 1:1.0.2k-23.el7_9 - -✗ Medium severity vulnerability found in openssl-libs - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2808317 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2833894 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2933996 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3316028 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3316063 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-5662623 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openssl - Description: Client-Side Enforcement of Server-Side Security - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-1996407 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openssl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2025809 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - Fixed in: 1:1.0.2k-23.el7_9 - -✗ Medium severity vulnerability found in openssl - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2808319 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openssl - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2833962 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openssl - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2934008 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openssl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3316057 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openssl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3316121 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openssl - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-5662615 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - -✗ Medium severity vulnerability found in openldap - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-1993738 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Improper Access Control - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-1995396 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2008368 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.4.44-25.el7_9 - -✗ Medium severity vulnerability found in openldap - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2008794 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.4.44-25.el7_9 - -✗ Medium severity vulnerability found in openldap - Description: Release of Invalid Pointer or Reference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012260 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Improper Handling of Length Parameter Inconsistency - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012320 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Integer Underflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012362 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012598 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2012810 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2013192 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2013287 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Release of Invalid Pointer or Reference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2013339 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2014441 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2014611 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2020930 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in openldap - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2183644 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.4.44-23.el7_9 - -✗ Medium severity vulnerability found in openldap - Description: SQL Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENLDAP-2808614 - Introduced through: openldap@2.4.44-22.el7 - From: openldap@2.4.44-22.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-1967848 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: Missing Required Cryptographic Step - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-1971719 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-1991575 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2183750 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.53.1-7.el7_9 - -✗ Medium severity vulnerability found in nss-tools - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2833896 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2834245 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-5961892 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-tools - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-6151988 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: Missing Required Cryptographic Step - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-1968565 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-1970987 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-1993200 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2185854 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.53.1-7.el7_9 - -✗ Medium severity vulnerability found in nss-sysinit - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2833918 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2834257 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-5961894 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-sysinit - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-6151992 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-softokn-freebl - Description: Incorrect Conversion between Numeric Types - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKNFREEBL-1984840 - Introduced through: nss-softokn-freebl@3.53.1-6.el7_9 - From: nss-softokn-freebl@3.53.1-6.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-softokn-freebl - Description: Improperly Implemented Security Check for Standard - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKNFREEBL-2833942 - Introduced through: nss-softokn-freebl@3.53.1-6.el7_9 - From: nss-softokn-freebl@3.53.1-6.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-softokn - Description: Incorrect Conversion between Numeric Types - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKN-1986314 - Introduced through: nss-softokn@3.53.1-6.el7_9 - From: nss-softokn@3.53.1-6.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss-softokn - Description: Improperly Implemented Security Check for Standard - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSOFTOKN-2833944 - Introduced through: nss-softokn@3.53.1-6.el7_9 - From: nss-softokn@3.53.1-6.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-1969936 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: Missing Required Cryptographic Step - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-1971701 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-1991539 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2183624 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.53.1-7.el7_9 - -✗ Medium severity vulnerability found in nss - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2833964 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2834247 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-5961896 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nss - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-6151996 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in nspr - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSPR-1958603 - Introduced through: nspr@4.25.0-2.el7_9 - From: nspr@4.25.0-2.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-libs - Description: Use of Externally-Controlled Format String - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1973224 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-libs - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1973258 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1996069 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-1997391 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-libs - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESLIBS-5489424 - Introduced through: ncurses-libs@5.9-14.20130511.el7_4 - From: ncurses-libs@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-base - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1970833 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-base - Description: Use of Externally-Controlled Format String - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1970855 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1995788 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-base - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-1995930 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses-base - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSESBASE-5489418 - Introduced through: ncurses-base@5.9-14.20130511.el7_4 - From: ncurses-base@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses - Description: Use of Externally-Controlled Format String - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1970096 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1972040 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1997261 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-1998303 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in ncurses - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NCURSES-5489414 - Introduced through: ncurses@5.9-14.20130511.el7_4 - From: ncurses@5.9-14.20130511.el7_4 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in lz4 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LZ4-1995944 - Introduced through: lz4@1.8.3-1.el7 - From: lz4@1.8.3-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in lz4 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LZ4-2022180 - Introduced through: lz4@1.8.3-1.el7 - From: lz4@1.8.3-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in lua - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LUA-1941172 - Introduced through: lua@5.1.4-15.el7 - From: lua@5.1.4-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in lua - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LUA-2388267 - Introduced through: lua@5.1.4-15.el7 - From: lua@5.1.4-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1961708 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1968462 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1970284 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1980502 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1981170 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1983829 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1985438 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1986644 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-1988292 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2009090 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2022186 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2023399 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2023708 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2023870 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2024915 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2185571 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.9.1-6.el7_9.6 - -✗ Medium severity vulnerability found in libxml2-python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2412320 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2809237 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Cross-site Scripting (XSS) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-2964632 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-3057749 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-3057771 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5419771 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5419845 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-5877052 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2-python - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2PYTHON-6227837 - Introduced through: libxml2-python@2.9.1-6.el7.5 - From: libxml2-python@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1963063 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1970179 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1971170 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1979574 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1980273 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1982867 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1986245 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1986322 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-1988246 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2008774 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2022472 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2022733 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2023352 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2023720 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2024089 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2187205 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.9.1-6.el7_9.6 - -✗ Medium severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2412229 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2809239 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Cross-site Scripting (XSS) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-2964634 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-3057753 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-3057761 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5419773 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5419847 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-5877050 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBXML2-6227835 - Introduced through: libxml2@2.9.1-6.el7.5 - From: libxml2@2.9.1-6.el7.5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libuuid - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-1942407 - Introduced through: libuuid@2.23.2-65.el7 - From: libuuid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libuuid - Description: Privilege Context Switching Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-1959616 - Introduced through: libuuid@2.23.2-65.el7 - From: libuuid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libuuid - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-2401639 - Introduced through: libuuid@2.23.2-65.el7 - From: libuuid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libuuid - Description: OS Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBUUID-5898180 - Introduced through: libuuid@2.23.2-65.el7 - From: libuuid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libtirpc - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTIRPC-1960349 - Introduced through: libtirpc@0.2.4-0.16.el7 - From: libtirpc@0.2.4-0.16.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libtirpc - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTIRPC-2957886 - Introduced through: libtirpc@0.2.4-0.16.el7 - From: libtirpc@0.2.4-0.16.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libtasn1 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1962283 - Introduced through: libtasn1@4.10-1.el7 - From: libtasn1@4.10-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libtasn1 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-1992987 - Introduced through: libtasn1@4.10-1.el7 - From: libtasn1@4.10-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libtasn1 - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBTASN1-3104745 - Introduced through: libtasn1@4.10-1.el7 - From: libtasn1@4.10-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1938766 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1990491 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-1997131 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2007863 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Cross-site Scripting (XSS) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2008634 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2011486 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2011831 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2011892 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2018439 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2029265 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libstdc++ - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSTDC-2838386 - Introduced through: libstdc++@4.8.5-44.el7 - From: libstdc++@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libssh2 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-1993789 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libssh2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-2000708 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libssh2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-2000774 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libssh2 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-5499625 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libssh2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-5873858 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:1.8.0-4.el7_9.1 - -✗ Medium severity vulnerability found in libssh2 - Description: Truncation of Security-relevant Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSSH2-6131658 - Introduced through: libssh2@1.8.0-4.el7 - From: libssh2@1.8.0-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libsepol - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2023461 - Introduced through: libsepol@2.5-10.el7 - From: libsepol@2.5-10.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libsepol - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2023587 - Introduced through: libsepol@2.5-10.el7 - From: libsepol@2.5-10.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libsepol - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2024534 - Introduced through: libsepol@2.5-10.el7 - From: libsepol@2.5-10.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libsepol - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBSEPOL-2025917 - Introduced through: libsepol@2.5-10.el7 - From: libsepol@2.5-10.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libmount - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-1940061 - Introduced through: libmount@2.23.2-65.el7 - From: libmount@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libmount - Description: Privilege Context Switching Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-1959622 - Introduced through: libmount@2.23.2-65.el7 - From: libmount@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libmount - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-2401513 - Introduced through: libmount@2.23.2-65.el7 - From: libmount@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libmount - Description: OS Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBMOUNT-5898174 - Introduced through: libmount@2.23.2-65.el7 - From: libmount@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcrypt - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1940446 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcrypt - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1984596 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcrypt - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-1995158 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcrypt - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-2022570 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcrypt - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-2026262 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcrypt - Description: Covert Timing Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCRYPT-6411288 - Introduced through: libgcrypt@1.5.3-14.el7 - From: libgcrypt@1.5.3-14.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1941609 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1990683 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-1998132 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2006936 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Cross-site Scripting (XSS) - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2008630 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2011161 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2012006 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2013199 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2019988 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2028192 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libgcc - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBGCC-2838422 - Introduced through: libgcc@4.8.5-44.el7 - From: libgcc@4.8.5-44.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libdb-utils - Description: CVE-2017-10140 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDBUTILS-1970172 - Introduced through: libdb-utils@5.3.21-25.el7 - From: libdb-utils@5.3.21-25.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libdb - Description: CVE-2017-10140 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBDB-1973226 - Introduced through: libdb@5.3.21-25.el7 - From: libdb@5.3.21-25.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1943212 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Resource Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1967334 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969082 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969499 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969559 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1969909 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1970504 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1972254 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-1986353 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2012827 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2014233 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017276 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2017347 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2018012 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2018654 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2177042 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:7.29.0-59.el7_9.1 - -✗ Medium severity vulnerability found in libcurl - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2804284 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2804294 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2814316 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2814342 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Release of Invalid Pointer or Reference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823575 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823589 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2823597 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Improper Enforcement of Message Integrity During Transmission in a Communication Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-2936573 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3179638 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367087 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367089 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-3367095 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-5561321 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcurl - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCURL-6507896 - Introduced through: libcurl@7.29.0-59.el7 - From: libcurl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcom_err - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCOMERR-1941906 - Introduced through: libcom_err@1.42.9-19.el7 - From: libcom_err@1.42.9-19.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcom_err - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCOMERR-2634812 - Introduced through: libcom_err@1.42.9-19.el7 - From: libcom_err@1.42.9-19.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libcap - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBCAP-5660496 - Introduced through: libcap@2.22-11.el7 - From: libcap@2.22-11.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libblkid - Description: Arbitrary Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-1942365 - Introduced through: libblkid@2.23.2-65.el7 - From: libblkid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libblkid - Description: Privilege Context Switching Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-1958357 - Introduced through: libblkid@2.23.2-65.el7 - From: libblkid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libblkid - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-2401567 - Introduced through: libblkid@2.23.2-65.el7 - From: libblkid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in libblkid - Description: OS Command Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-LIBBLKID-5898182 - Introduced through: libblkid@2.23.2-65.el7 - From: libblkid@2.23.2-65.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1933758 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1939329 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1944381 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1944450 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1945297 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-1979291 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-2009947 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-2023214 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-2186809 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:1.15.1-51.el7_9 - -✗ Medium severity vulnerability found in krb5-libs - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-6335350 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: CVE-2024-37370 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-7412329 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in krb5-libs - Description: CVE-2024-37371 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-7412351 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in json-c - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-JSONC-2003602 - Introduced through: json-c@0.11-4.el7_0 - From: json-c@0.11-4.el7_0 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in gnupg2 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1941578 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in gnupg2 - Description: Improper Validation of Certificate with Host Mismatch - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-1994967 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in gnupg2 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GNUPG2-2946186 - Introduced through: gnupg2@2.0.22-5.el7_5 - From: gnupg2@2.0.22-5.el7_5 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in gmp - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GMP-1933812 - Introduced through: gmp@1:6.0.0-15.el7 - From: gmp@1:6.0.0-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1937432 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1953639 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1957283 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1962825 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-1987963 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2000064 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2005240 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2024308 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2180733 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-322.el7_9 - -✗ Medium severity vulnerability found in glibc-common - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2180746 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-322.el7_9 - -✗ Medium severity vulnerability found in glibc-common - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2183682 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-322.el7_9 - -✗ Medium severity vulnerability found in glibc-common - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2336849 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2347213 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-2347573 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-5898594 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-5898616 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc-common - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-5918047 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1937915 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1951857 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1955944 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1962079 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-1985907 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2001887 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2008030 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2024140 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2179918 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-322.el7_9 - -✗ Medium severity vulnerability found in glibc - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2179922 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-322.el7_9 - -✗ Medium severity vulnerability found in glibc - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2181161 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-322.el7_9 - -✗ Medium severity vulnerability found in glibc - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2336847 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2347305 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-2347361 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-5898604 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-5898620 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glibc - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-5918053 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2020914 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2025120 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2833874 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2833900 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2833982 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834008 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834063 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Algorithmic Complexity - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2834101 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in glib2 - Description: Improper Verification of Source of a Communication Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-6826906 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1936988 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1937612 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: CVE-2013-0341 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1937914 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1962186 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Insufficient Entropy - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1964508 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-1989681 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2389213 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408789 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-3104769 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-6229966 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in expat - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-6229976 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dracut - Description: Unchecked Error Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DRACUT-1961758 - Introduced through: dracut@033-572.el7 - From: dracut@033-572.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1939853 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1940151 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: CVE-2014-3477 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-1941024 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-3048532 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-3048814 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-3048896 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus-libs - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUSLIBS-5672429 - Introduced through: dbus-libs@1:1.10.24-15.el7 - From: dbus-libs@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: CVE-2014-3477 - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1938758 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1939720 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-1940613 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-3048506 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-3048508 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-3048642 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in dbus - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-DBUS-5672427 - Introduced through: dbus@1:1.10.24-15.el7 - From: dbus@1:1.10.24-15.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in cyrus-sasl-lib - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CYRUSSASLLIB-1998440 - Introduced through: cyrus-sasl-lib@2.1.26-23.el7 - From: cyrus-sasl-lib@2.1.26-23.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1944709 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1967366 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Resource Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1967384 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969470 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969497 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1969951 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1970580 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1972264 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-1986484 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2014293 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2014780 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2015858 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2017978 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2018604 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2018677 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2178444 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:7.29.0-59.el7_9.1 - -✗ Medium severity vulnerability found in curl - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2804286 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2804290 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2814320 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2814344 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Release of Invalid Pointer or Reference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823593 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823595 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2823599 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Improper Enforcement of Message Integrity During Transmission in a Communication Channel - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-2936571 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3179644 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367079 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367083 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-3367085 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-5561323 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in curl - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CURL-6507898 - Introduced through: curl@7.29.0-59.el7 - From: curl@7.29.0-59.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in cpio - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-2026901 - Introduced through: cpio@2.11-28.el7 - From: cpio@2.11-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in cpio - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CPIO-6335414 - Introduced through: cpio@2.11-28.el7 - From: cpio@2.11-28.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in coreutils - Description: Privilege Context Switching Error - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1959556 - Introduced through: coreutils@8.22-24.el7 - From: coreutils@8.22-24.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-COREUTILS-1981234 - Introduced through: coreutils@8.22-24.el7 - From: coreutils@8.22-24.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985054 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1985116 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-1992263 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2000038 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2000046 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2001208 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2005060 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2006532 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2015004 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2015986 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2188035 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.27-44.base.el7_9.1 - -✗ Medium severity vulnerability found in binutils - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2316509 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-2321861 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3157253 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in binutils - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINUTILS-3371236 - Introduced through: binutils@2.27-44.base.el7 - From: binutils@2.27-44.base.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in bind-license - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2019001 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in bind-license - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2177821 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.2 - -✗ Medium severity vulnerability found in bind-license - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2178678 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.2 - -✗ Medium severity vulnerability found in bind-license - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2178790 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.2 - -✗ Medium severity vulnerability found in bind-license - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2187607 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.7 - -✗ Medium severity vulnerability found in bind-license - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2428885 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.13 - -✗ Medium severity vulnerability found in bind-license - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3030781 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.13 - -✗ Medium severity vulnerability found in bind-license - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3248797 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in bash - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BASH-1938975 - Introduced through: bash@4.2.46-34.el7 - From: bash@4.2.46-34.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ Medium severity vulnerability found in audit-libs - Description: Improper Neutralization of Special Elements - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-AUDITLIBS-1946701 - Introduced through: audit-libs@2.8.5-4.el7 - From: audit-libs@2.8.5-4.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ High severity vulnerability found in zlib - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-ZLIB-2434395 - Introduced through: zlib@1.2.7-18.el7 - From: zlib@1.2.7-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:1.2.7-20.el7_9 - -✗ High severity vulnerability found in xz-libs - Description: Incorrect Behavior Order: Early Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-XZLIBS-2860632 - Introduced through: xz-libs@5.2.2-1.el7 - From: xz-libs@5.2.2-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:5.2.2-2.el7_9 - -✗ High severity vulnerability found in xz - Description: Incorrect Behavior Order: Early Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-XZ-2860642 - Introduced through: xz@5.2.2-1.el7 - From: xz@5.2.2-1.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:5.2.2-2.el7_9 - -✗ High severity vulnerability found in systemd-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMDLIBS-2988603 - Introduced through: systemd-libs@219-78.el7 - From: systemd-libs@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:219-78.el7_9.7 - -✗ High severity vulnerability found in systemd - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-SYSTEMD-2988609 - Introduced through: systemd@219-78.el7 - From: systemd@219-78.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:219-78.el7_9.7 - -✗ High severity vulnerability found in python3-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-3335200 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.6.8-19.el7_9 - -✗ High severity vulnerability found in python3-libs - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3LIBS-5877088 - Introduced through: python3-libs@3.6.8-18.el7 - From: python3-libs@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.6.8-21.el7_9 - -✗ High severity vulnerability found in python3 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-3335262 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.6.8-19.el7_9 - -✗ High severity vulnerability found in python3 - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON3-5877098 - Introduced through: python3@3.6.8-18.el7 - From: python3@3.6.8-18.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.6.8-21.el7_9 - -✗ High severity vulnerability found in python-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-3335320 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-93.el7_9 - -✗ High severity vulnerability found in python-libs - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHONLIBS-5900932 - Introduced through: python-libs@2.7.5-89.el7 - From: python-libs@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-94.el7_9 - -✗ High severity vulnerability found in python - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-3335164 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-93.el7_9 - -✗ High severity vulnerability found in python - Description: Authentication Bypass by Primary Weakness - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-PYTHON-5900930 - Introduced through: python@2.7.5-89.el7 - From: python@2.7.5-89.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.7.5-94.el7_9 - -✗ High severity vulnerability found in openssl-libs - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-2426991 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 1:1.0.2k-25.el7_9 - -✗ High severity vulnerability found in openssl-libs - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSLLIBS-3316065 - Introduced through: openssl-libs@1:1.0.2k-22.el7_9 - From: openssl-libs@1:1.0.2k-22.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 1:1.0.2k-26.el7_9 - -✗ High severity vulnerability found in openssl - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-2427103 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - Fixed in: 1:1.0.2k-25.el7_9 - -✗ High severity vulnerability found in openssl - Description: Incorrect Type Conversion or Cast - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-OPENSSL-3316075 - Introduced through: openssl@1:1.0.2k-22.el7_9 - From: openssl@1:1.0.2k-22.el7_9 - Image layer: 'yum install -y python36 openssl' - Fixed in: 1:1.0.2k-26.el7_9 - -✗ High severity vulnerability found in nss-tools - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-3358198 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.79.0-5.el7_9 - -✗ High severity vulnerability found in nss-tools - Description: Not Failing Securely ('Failing Open') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-5879053 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ High severity vulnerability found in nss-sysinit - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-3358184 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.79.0-5.el7_9 - -✗ High severity vulnerability found in nss-sysinit - Description: Not Failing Securely ('Failing Open') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-5879047 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ High severity vulnerability found in nss - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-3358174 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.79.0-5.el7_9 - -✗ High severity vulnerability found in nss - Description: Not Failing Securely ('Failing Open') - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-5879043 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - -✗ High severity vulnerability found in krb5-libs - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-KRB5LIBS-3122120 - Introduced through: krb5-libs@1.15.1-50.el7 - From: krb5-libs@1.15.1-50.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:1.15.1-55.el7_9 - -✗ High severity vulnerability found in gzip - Description: Incorrect Behavior Order: Early Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GZIP-2445567 - Introduced through: gzip@1.5-10.el7 - From: gzip@1.5-10.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:1.5-11.el7_9 - -✗ High severity vulnerability found in glibc-common - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6640682 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc-common - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688278 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc-common - Description: Improper Check or Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688544 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc-common - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688564 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc-common - Description: Improper Check or Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBCCOMMON-6688796 - Introduced through: glibc-common@2.17-317.el7 - From: glibc-common@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6640656 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688276 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc - Description: Improper Check or Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688534 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688570 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glibc - Description: Improper Check or Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIBC-6688798 - Introduced through: glibc@2.17-317.el7 - From: glibc@2.17-317.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.17-326.el7_9.3 - -✗ High severity vulnerability found in glib2 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-GLIB2-2182590 - Introduced through: glib2@2.56.1-7.el7 - From: glib2@2.56.1-7.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.56.1-9.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2360977 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2360995 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Incorrect Calculation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2360997 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361031 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361051 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361057 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361075 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361077 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2361187 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Incorrect Behavior Order: Early Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408779 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408803 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Inappropriate Encoding for Output Context - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-2408807 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-14.el7_9 - -✗ High severity vulnerability found in expat - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-EXPAT-3035862 - Introduced through: expat@2.1.0-12.el7 - From: expat@2.1.0-12.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.0-15.el7_9 - -✗ High severity vulnerability found in cyrus-sasl-lib - Description: SQL Injection - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-CYRUSSASLLIB-2413149 - Introduced through: cyrus-sasl-lib@2.1.26-23.el7 - From: cyrus-sasl-lib@2.1.26-23.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:2.1.26-24.el7_9 - -✗ High severity vulnerability found in bind-license - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2181405 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.4 - -✗ High severity vulnerability found in bind-license - Description: Reachable Assertion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-2182551 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.5 - -✗ High severity vulnerability found in bind-license - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3030795 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.10 - -✗ High severity vulnerability found in bind-license - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-3030853 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.10 - -✗ High severity vulnerability found in bind-license - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-5733729 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.14 - -✗ High severity vulnerability found in bind-license - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-5913813 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.15 - -✗ High severity vulnerability found in bind-license - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-6246244 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.16 - -✗ High severity vulnerability found in bind-license - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-6246312 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.16 - -✗ High severity vulnerability found in bind-license - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-BINDLICENSE-6246418 - Introduced through: bind-license@32:9.11.4-26.P2.el7 - From: bind-license@32:9.11.4-26.P2.el7 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 32:9.11.4-26.P2.el7_9.16 - -✗ Critical severity vulnerability found in nss-tools - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSTOOLS-2308139 - Introduced through: nss-tools@3.53.1-3.el7_9 - From: nss-tools@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.67.0-4.el7_9 - -✗ Critical severity vulnerability found in nss-sysinit - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSSSYSINIT-2308141 - Introduced through: nss-sysinit@3.53.1-3.el7_9 - From: nss-sysinit@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.67.0-4.el7_9 - -✗ Critical severity vulnerability found in nss - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-CENTOS7-NSS-2308137 - Introduced through: nss@3.53.1-3.el7_9 - From: nss@3.53.1-3.el7_9 - Image layer: Introduced by your base image (centos:7.9.2009) - Fixed in: 0:3.67.0-4.el7_9 - - - -Organization: bhavdeep1304 -Package manager: rpm -Project name: docker-image|crate/crate -Docker image: crate/crate:4.6.6 -Platform: linux/amd64 -Base image: centos:7.9.2009 -Licenses: enabled - -Tested 156 dependencies for known issues, found 1221 issues. - -Base Image Vulnerabilities Severity -centos:7.9.2009 1133 3 critical, 54 high, 505 medium, 571 low - -Recommendations for base image upgrade: - -Major upgrades -Base Image Vulnerabilities Severity -centos:centos8 644 0 critical, 83 high, 328 medium, 233 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/jdk/lib -Project name: crate/crate:4.6.6:/crate/jdk/lib -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Tested 72 dependencies for known issues, found 69 issues. - - -Issues to fix by upgrading: - - Upgrade com.amazonaws:aws-java-sdk-s3@1.11.1021 to com.amazonaws:aws-java-sdk-s3@1.12.760 to fix - ✗ Directory Traversal [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMAMAZONAWS-2952700] in com.amazonaws:aws-java-sdk-s3@1.11.1021 - introduced by com.amazonaws:aws-java-sdk-s3@1.11.1021 - - Upgrade com.fasterxml.jackson.core:jackson-databind@2.11.0 to com.fasterxml.jackson.core:jackson-databind@2.12.7.1 to fix - ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038424] in com.fasterxml.jackson.core:jackson-databind@2.11.0 - introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 - ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-3038426] in com.fasterxml.jackson.core:jackson-databind@2.11.0 - introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 - ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698] in com.fasterxml.jackson.core:jackson-databind@2.11.0 - introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-2421244] in com.fasterxml.jackson.core:jackson-databind@2.11.0 - introduced by com.fasterxml.jackson.core:jackson-databind@2.11.0 - - Upgrade com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.0 to com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.4 to fix - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329] in com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.0 - introduced by com.fasterxml.jackson.dataformat:jackson-dataformat-cbor@2.11.0 - - Upgrade com.google.guava:guava@30.0-jre to com.google.guava:guava@32.0.0-jre to fix - ✗ Creation of Temporary File in Directory with Insecure Permissions [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-5710356] in com.google.guava:guava@30.0-jre - introduced by com.google.guava:guava@30.0-jre - - Upgrade commons-codec:commons-codec@1.10 to commons-codec:commons-codec@1.13 to fix - ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMMONSCODEC-561518] in commons-codec:commons-codec@1.10 - introduced by commons-codec:commons-codec@1.10 - - Upgrade io.netty:netty-codec@4.1.65.Final to io.netty:netty-codec@4.1.68.Final to fix - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584063] in io.netty:netty-codec@4.1.65.Final - introduced by io.netty:netty-codec@4.1.65.Final - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584064] in io.netty:netty-codec@4.1.65.Final - introduced by io.netty:netty-codec@4.1.65.Final - - Upgrade io.netty:netty-codec-http@4.1.65.Final to io.netty:netty-codec-http@4.1.108.Final to fix - ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-6483812] in io.netty:netty-codec-http@4.1.65.Final - introduced by io.netty:netty-codec-http@4.1.65.Final - ✗ HTTP Request Smuggling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-2314893] in io.netty:netty-codec-http@4.1.65.Final - introduced by io.netty:netty-codec-http@4.1.65.Final - - Upgrade io.netty:netty-common@4.1.65.Final to io.netty:netty-common@4.1.77.Final to fix - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-2812456] in io.netty:netty-common@4.1.65.Final - introduced by io.netty:netty-common@4.1.65.Final - - Upgrade io.netty:netty-handler@4.1.65.Final to io.netty:netty-handler@4.1.94.Final to fix - ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-5725787] in io.netty:netty-handler@4.1.65.Final - introduced by io.netty:netty-handler@4.1.65.Final - - Upgrade org.apache.httpcomponents:httpclient@4.5.12 to org.apache.httpcomponents:httpclient@4.5.13 to fix - ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHTTPCOMPONENTS-1048058] in org.apache.httpcomponents:httpclient@4.5.12 - introduced by org.apache.httpcomponents:httpclient@4.5.12 - - Upgrade org.apache.logging.log4j:log4j-core@2.15.0 to org.apache.logging.log4j:log4j-core@2.17.1 to fix - ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2327339] in org.apache.logging.log4j:log4j-core@2.15.0 - introduced by org.apache.logging.log4j:log4j-core@2.15.0 - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2321524] in org.apache.logging.log4j:log4j-core@2.15.0 - introduced by org.apache.logging.log4j:log4j-core@2.15.0 - ✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2320014] in org.apache.logging.log4j:log4j-core@2.15.0 - introduced by org.apache.logging.log4j:log4j-core@2.15.0 - - Upgrade org.graalvm.sdk:graal-sdk@21.1.0 to org.graalvm.sdk:graal-sdk@21.3.10 to fix - ✗ Denial of Service (DoS) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6616648] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Access Control [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6616653] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Privilege Management [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6160948] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6252366] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Access Control Bypass [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6252368] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Denial of Service (DoS) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781367] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Access Restriction Bypass [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781369] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781371] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781373] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Access Restriction Bypass [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781378] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Input Validation [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457921] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Neutralization of Null Byte or NUL Character [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457923] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Remote Code Execution (RCE) [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457931] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Deserialization of Untrusted Data [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343470] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Timing Attack [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-1766242] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164695] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164698] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Insertion of Sensitive Information into Log File [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164701] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164710] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Access Control [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5781374] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457925] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457927] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457929] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Out-of-bounds Write [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343466] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343474] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343477] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343487] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343490] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2343493] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Infinite loop [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346391] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346393] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Integer Overflow or Wraparound [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346395] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346397] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Uncaught Exception [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346426] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Input Validation [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346453] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Integer Overflow or Wraparound [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2346571] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Allocation of Resources Without Limits or Throttling [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-2347581] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Access Control [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-1765539] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Access Restriction Bypass [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-1766172] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Covert Timing Channel [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6162757] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Privilege Management [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6163607] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Improper Privilege Management [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-6164703] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - ✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGGRAALVMSDK-5457933] in org.graalvm.sdk:graal-sdk@21.1.0 - introduced by org.graalvm.sdk:graal-sdk@21.1.0 - - Upgrade org.yaml:snakeyaml@1.26 to org.yaml:snakeyaml@2.0 to fix - ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016888] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3113851] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - ✗ Stack-based Buffer Overflow [Low Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016889] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - ✗ Arbitrary Code Execution [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3152153] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - ✗ Stack-based Buffer Overflow [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-3016891] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-6056527] in org.yaml:snakeyaml@1.26 - introduced by org.yaml:snakeyaml@1.26 - - -Issues with no direct upgrade or patch: - ✗ Allocation of Resources Without Limits or Throttling [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-SOFTWAREAMAZONION-6153869] in software.amazon.ion:ion-java@1.0.2 - introduced by software.amazon.ion:ion-java@1.0.2 - No upgrade or patch available - - - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/lib -Project name: crate/crate:4.6.6:/crate/lib -Docker image: crate/crate:4.6.6 -Licenses: enabled - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test crate/crate:4.6.6 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/azure-discovery -Project name: crate/crate:4.6.6:/crate/plugins/azure-discovery -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/es-analysis-common -Project name: crate/crate:4.6.6:/crate/plugins/es-analysis-common -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/es-analysis-phonetic -Project name: crate/crate:4.6.6:/crate/plugins/es-analysis-phonetic -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested 1 dependencies for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/es-repository-azure -Project name: crate/crate:4.6.6:/crate/plugins/es-repository-azure -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested 2 dependencies for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Tested 9 dependencies for known issues, found 13 issues. - - -Issues to fix by upgrading: - - Upgrade com.google.protobuf:protobuf-java@2.5.0 to com.google.protobuf:protobuf-java@3.16.3 to fix - ✗ Denial of Service (DoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3040284] in com.google.protobuf:protobuf-java@2.5.0 - introduced by com.google.protobuf:protobuf-java@2.5.0 - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-3167772] in com.google.protobuf:protobuf-java@2.5.0 - introduced by com.google.protobuf:protobuf-java@2.5.0 - ✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703] in com.google.protobuf:protobuf-java@2.5.0 - introduced by com.google.protobuf:protobuf-java@2.5.0 - ✗ Integer Overflow [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-173761] in com.google.protobuf:protobuf-java@2.5.0 - introduced by com.google.protobuf:protobuf-java@2.5.0 - - Upgrade org.apache.hadoop:hadoop-common@2.8.1 to org.apache.hadoop:hadoop-common@2.10.2 to fix - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-1014640] in org.apache.hadoop:hadoop-common@2.8.1 - introduced by org.apache.hadoop:hadoop-common@2.8.1 - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-461004] in org.apache.hadoop:hadoop-common@2.8.1 - introduced by org.apache.hadoop:hadoop-common@2.8.1 - ✗ Arbitrary File Write via Archive Extraction (Zip Slip) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-2443177] in org.apache.hadoop:hadoop-common@2.8.1 - introduced by org.apache.hadoop:hadoop-common@2.8.1 - ✗ Arbitrary Code Execution [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-2975400] in org.apache.hadoop:hadoop-common@2.8.1 - introduced by org.apache.hadoop:hadoop-common@2.8.1 - ✗ Arbitrary File Write via Archive Extraction (Zip Slip) [Critical Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-174573] in org.apache.hadoop:hadoop-common@2.8.1 - introduced by org.apache.hadoop:hadoop-common@2.8.1 - - Upgrade org.apache.hadoop:hadoop-hdfs@2.8.1 to org.apache.hadoop:hadoop-hdfs@3.3.2 to fix - ✗ XML External Entity Injection (XXE) [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-2329722] in org.apache.hadoop:hadoop-hdfs@2.8.1 - introduced by org.apache.hadoop:hadoop-hdfs@2.8.1 - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-461002] in org.apache.hadoop:hadoop-hdfs@2.8.1 - introduced by org.apache.hadoop:hadoop-hdfs@2.8.1 - - Upgrade org.apache.hadoop:hadoop-hdfs-client@2.8.1 to org.apache.hadoop:hadoop-hdfs-client@3.3.5 to fix - ✗ XML External Entity (XXE) Injection [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-3034197] in org.apache.hadoop:hadoop-hdfs-client@2.8.1 - introduced by org.apache.hadoop:hadoop-hdfs-client@2.8.1 - ✗ Access Restriction Bypass [High Severity][https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEHADOOP-1065272] in org.apache.hadoop:hadoop-hdfs-client@2.8.1 - introduced by org.apache.hadoop:hadoop-hdfs-client@2.8.1 - - - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/es-repository-hdfs -Project name: crate/crate:4.6.6:/crate/plugins/es-repository-hdfs -Docker image: crate/crate:4.6.6 -Licenses: enabled - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test crate/crate:4.6.6 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/functions -Project name: crate/crate:4.6.6:/crate/plugins/functions -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/jmx-monitoring -Project name: crate/crate:4.6.6:/crate/plugins/jmx-monitoring -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing crate/crate:4.6.6... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /crate/plugins/lang-js -Project name: crate/crate:4.6.6:/crate/plugins/lang-js -Docker image: crate/crate:4.6.6 -Licenses: enabled - -✔ Tested crate/crate:4.6.6 for known issues, no vulnerable paths found. - - -Tested 11 projects, 3 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/dpage_pgadmin4_7.1.md b/Snyk/scan_results/dpage_pgadmin4_7.1.md deleted file mode 100644 index e2af8ac..0000000 --- a/Snyk/scan_results/dpage_pgadmin4_7.1.md +++ /dev/null @@ -1,340 +0,0 @@ -**Scanning dpage/pgadmin4:7.1** -``` - -Testing dpage/pgadmin4:7.1... - -✗ Low severity vulnerability found in python3/python3 - Description: CVE-2023-6597 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-PYTHON3-6479006 - Introduced through: python3/python3@3.10.11-r0, py3-parsing/py3-parsing@3.0.9-r0, py3-packaging/py3-packaging@21.3-r2, py3-retrying/py3-retrying@1.3.3-r3, py3-setuptools/py3-setuptools@65.6.0-r0, py3-pip/py3-pip@22.3.1-r1, py3-six/py3-six@1.16.0-r3 - From: python3/python3@3.10.11-r0 - From: py3-parsing/py3-parsing@3.0.9-r0 > python3/python3@3.10.11-r0 - From: py3-packaging/py3-packaging@21.3-r2 > python3/python3@3.10.11-r0 - and 4 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.10.14-r0 - -✗ Low severity vulnerability found in python3/python3 - Description: CVE-2024-0450 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-PYTHON3-6479007 - Introduced through: python3/python3@3.10.11-r0, py3-parsing/py3-parsing@3.0.9-r0, py3-packaging/py3-packaging@21.3-r2, py3-retrying/py3-retrying@1.3.3-r3, py3-setuptools/py3-setuptools@65.6.0-r0, py3-pip/py3-pip@22.3.1-r1, py3-six/py3-six@1.16.0-r3 - From: python3/python3@3.10.11-r0 - From: py3-parsing/py3-parsing@3.0.9-r0 > python3/python3@3.10.11-r0 - From: py3-packaging/py3-packaging@21.3-r2 > python3/python3@3.10.11-r0 - and 4 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.10.14-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2023-6237 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6160001 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.12-r3 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6593966 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.12-r5 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-4603 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6928856 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.13-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.14-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.14-r0 - -✗ Low severity vulnerability found in libcap/libcap-utils - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-LIBCAP-5537076 - Introduced through: libcap/libcap-utils@2.66-r0, libcap/libcap@2.66-r0, libcap/libcap2@2.66-r0 - From: libcap/libcap-utils@2.66-r0 - From: libcap/libcap@2.66-r0 > libcap/libcap-utils@2.66-r0 - From: libcap/libcap2@2.66-r0 - and 3 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 2.66-r1 - -✗ Low severity vulnerability found in expat/libexpat - Description: CVE-2024-28757 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-EXPAT-6446349 - Introduced through: expat/libexpat@2.5.0-r0, python3/python3@3.10.11-r0 - From: expat/libexpat@2.5.0-r0 - From: python3/python3@3.10.11-r0 > expat/libexpat@2.5.0-r0 - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 2.6.2-r0 - -✗ Medium severity vulnerability found in python3/python3 - Description: CVE-2023-40217 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-PYTHON3-5862616 - Introduced through: python3/python3@3.10.11-r0, py3-parsing/py3-parsing@3.0.9-r0, py3-packaging/py3-packaging@21.3-r2, py3-retrying/py3-retrying@1.3.3-r3, py3-setuptools/py3-setuptools@65.6.0-r0, py3-pip/py3-pip@22.3.1-r1, py3-six/py3-six@1.16.0-r3 - From: python3/python3@3.10.11-r0 - From: py3-parsing/py3-parsing@3.0.9-r0 > python3/python3@3.10.11-r0 - From: py3-packaging/py3-packaging@21.3-r2 > python3/python3@3.10.11-r0 - and 4 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.10.13-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5438697 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.8-r4 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5661570 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.9-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5776809 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.9-r2 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Inefficient Regular Expression Complexity - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5788365 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.9-r3 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-5821141 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.10-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6095780 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.12-r1 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6148880 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.12-r2 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-0727 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6191691 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.12-r4 - -✗ Medium severity vulnerability found in krb5/krb5-libs - Description: Access of Uninitialized Pointer - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-KRB5-7413637 - Introduced through: krb5/krb5-libs@1.20.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: krb5/krb5-libs@1.20.1-r0 - From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.20.1-r0 - Image layer: Introduced by your base image (alpine:3.17.3) - Fixed in: 1.20.2-r0 - -✗ Medium severity vulnerability found in expat/libexpat - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-EXPAT-6241041 - Introduced through: expat/libexpat@2.5.0-r0, python3/python3@3.10.11-r0 - From: expat/libexpat@2.5.0-r0 - From: python3/python3@3.10.11-r0 > expat/libexpat@2.5.0-r0 - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 2.6.0-r0 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-6913412 - Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 - From: busybox/busybox@1.35.0-r29 - From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 - From: busybox/busybox-binsh@1.35.0-r29 - and 5 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 1.35.0-r30 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-7254940 - Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 - From: busybox/busybox@1.35.0-r29 - From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 - From: busybox/busybox-binsh@1.35.0-r29 - and 5 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 1.35.0-r31 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-7254941 - Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 - From: busybox/busybox@1.35.0-r29 - From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 - From: busybox/busybox-binsh@1.35.0-r29 - and 5 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 1.35.0-r31 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-BUSYBOX-7254942 - Introduced through: busybox/busybox@1.35.0-r29, alpine-baselayout/alpine-baselayout-data@3.4.0-r0, busybox/busybox-binsh@1.35.0-r29, icu/icu-data-en@72.1-r1, postfix/postfix@3.7.4-r0, shadow/shadow@4.13-r0, busybox/ssl_client@1.35.0-r29 - From: busybox/busybox@1.35.0-r29 - From: alpine-baselayout/alpine-baselayout-data@3.4.0-r0 > alpine-baselayout/alpine-baselayout@3.4.0-r0 > busybox/busybox-binsh@1.35.0-r29 > busybox/busybox@1.35.0-r29 - From: busybox/busybox-binsh@1.35.0-r29 - and 5 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 1.35.0-r31 - -✗ High severity vulnerability found in sqlite/sqlite-libs - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-SQLITE-6179510 - Introduced through: sqlite/sqlite-libs@3.40.1-r0, python3/python3@3.10.11-r0 - From: sqlite/sqlite-libs@3.40.1-r0 - From: python3/python3@3.10.11-r0 > sqlite/sqlite-libs@3.40.1-r0 - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.40.1-r1 - -✗ High severity vulnerability found in openssl/libcrypto3 - Description: CVE-2023-5363 - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-OPENSSL-6032385 - Introduced through: openssl/libcrypto3@3.0.8-r3, openssl/libssl3@3.0.8-r3, apk-tools/apk-tools@2.12.10-r1, busybox/ssl_client@1.35.0-r29, openldap/libldap@2.6.3-r6, postfix/postfix@3.7.4-r0, python3/python3@3.10.11-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto3@3.0.8-r3 - From: openssl/libssl3@3.0.8-r3 > openssl/libcrypto3@3.0.8-r3 - From: apk-tools/apk-tools@2.12.10-r1 > openssl/libcrypto3@3.0.8-r3 - and 12 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 3.0.12-r0 - -✗ High severity vulnerability found in ncurses/ncurses-libs - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-NCURSES-5606599 - Introduced through: ncurses/ncurses-libs@6.3_p20221119-r0, libedit/libedit@20221030.3.1-r0, python3/python3@3.10.11-r0, readline/readline@8.2.0-r0, ncurses/ncurses-terminfo-base@6.3_p20221119-r0 - From: ncurses/ncurses-libs@6.3_p20221119-r0 - From: libedit/libedit@20221030.3.1-r0 > ncurses/ncurses-libs@6.3_p20221119-r0 - From: python3/python3@3.10.11-r0 > ncurses/ncurses-libs@6.3_p20221119-r0 - and 3 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 6.3_p20221119-r1 - -✗ High severity vulnerability found in libcap/libcap-utils - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-LIBCAP-5537075 - Introduced through: libcap/libcap-utils@2.66-r0, libcap/libcap@2.66-r0, libcap/libcap2@2.66-r0 - From: libcap/libcap-utils@2.66-r0 - From: libcap/libcap@2.66-r0 > libcap/libcap-utils@2.66-r0 - From: libcap/libcap2@2.66-r0 - and 3 more... - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 2.66-r1 - -✗ High severity vulnerability found in expat/libexpat - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-ALPINE317-EXPAT-6241042 - Introduced through: expat/libexpat@2.5.0-r0, python3/python3@3.10.11-r0 - From: expat/libexpat@2.5.0-r0 - From: python3/python3@3.10.11-r0 > expat/libexpat@2.5.0-r0 - Image layer: 'apk add python3 py3-pip postfix krb5-libs libjpeg-turbo shadow sudo libedit libldap libcap' - Fixed in: 2.6.0-r0 - - - -Organization: bhavdeep1304 -Package manager: apk -Project name: docker-image|dpage/pgadmin4 -Docker image: dpage/pgadmin4:7.1 -Platform: linux/amd64 -Base image: alpine:3.17.3 -Licenses: enabled - -Tested 53 dependencies for known issues, found 29 issues. - -Base Image Vulnerabilities Severity -alpine:3.17.3 18 0 critical, 1 high, 12 medium, 5 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -alpine:3 1 0 critical, 0 high, 0 medium, 1 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -``` diff --git a/Snyk/scan_results/eclipse-mosquitto_2.0.14.md b/Snyk/scan_results/eclipse-mosquitto_2.0.14.md deleted file mode 100644 index f8267e5..0000000 --- a/Snyk/scan_results/eclipse-mosquitto_2.0.14.md +++ /dev/null @@ -1,92 +0,0 @@ -**Scanning eclipse-mosquitto:2.0.14** -``` - -Testing eclipse-mosquitto:2.0.14... - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314652 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Fixed in: 1.1.1t-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-5291791 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Fixed in: 1.1.1t-r2 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314637 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Fixed in: 1.1.1t-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314646 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Fixed in: 1.1.1t-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3314653 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Fixed in: 1.1.1t-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-ALPINE314-OPENSSL-3368739 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r0, libretls/libretls@3.3.3p1-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r0 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Fixed in: 1.1.1t-r1 - - - -Organization: bhavdeep1304 -Package manager: apk -Project name: docker-image|eclipse-mosquitto -Docker image: eclipse-mosquitto:2.0.14 -Platform: linux/amd64 -Base image: alpine:3.14.8 -Licenses: enabled - -Tested 20 dependencies for known issues, found 6 issues. - -Base Image Vulnerabilities Severity -alpine:3.14.8 6 0 critical, 4 high, 2 medium, 0 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -alpine:3 1 0 critical, 0 high, 0 medium, 1 low - -Alpine 3.14.8 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates. - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -``` diff --git a/Snyk/scan_results/eclipse-mosquitto_2.0.15.md b/Snyk/scan_results/eclipse-mosquitto_2.0.15.md deleted file mode 100644 index 3b01709..0000000 --- a/Snyk/scan_results/eclipse-mosquitto_2.0.15.md +++ /dev/null @@ -1,190 +0,0 @@ -**Scanning eclipse-mosquitto:2.0.15** -``` - -Testing eclipse-mosquitto:2.0.15... - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2023-6237 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6160000 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.4-r4 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.4-r6 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-4603 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6928857 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.5-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.6-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.6-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6055795 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.4-r1 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6152404 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.4-r3 - -✗ Medium severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-0727 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6191692 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.4-r5 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-6913411 - Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 - From: busybox/busybox@1.36.1-r2 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 - From: busybox/busybox-binsh@1.36.1-r2 - and 3 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 1.36.1-r6 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249236 - Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 - From: busybox/busybox@1.36.1-r2 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 - From: busybox/busybox-binsh@1.36.1-r2 - and 3 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 1.36.1-r7 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249265 - Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 - From: busybox/busybox@1.36.1-r2 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 - From: busybox/busybox-binsh@1.36.1-r2 - and 3 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 1.36.1-r7 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249419 - Introduced through: busybox/busybox@1.36.1-r2, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, busybox/ssl_client@1.36.1-r2 - From: busybox/busybox@1.36.1-r2 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r2 > busybox/busybox@1.36.1-r2 - From: busybox/busybox-binsh@1.36.1-r2 - and 3 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 1.36.1-r7 - -✗ High severity vulnerability found in openssl/libcrypto3 - Description: CVE-2023-5363 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6032386 - Introduced through: openssl/libcrypto3@3.1.2-r0, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r2, ca-certificates/ca-certificates@20230506-r0, openssl/libssl3@3.1.2-r0 - From: openssl/libcrypto3@3.1.2-r0 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.2-r0 - From: busybox/ssl_client@1.36.1-r2 > openssl/libcrypto3@3.1.2-r0 - and 5 more... - Image layer: 'apk --no-cache add ca-certificates cjson libressl' - Fixed in: 3.1.4-r0 - -✗ High severity vulnerability found in cjson/cjson - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-CJSON-6156886 - Introduced through: cjson/cjson@1.7.15-r4 - From: cjson/cjson@1.7.15-r4 - Image layer: 'apk --no-cache add --virtual build-deps build-base cmake cjson-dev gnupg libressl-dev linux-headers util-linux-dev' - Fixed in: 1.7.17-r0 - -✗ High severity vulnerability found in cjson/cjson - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-CJSON-6156890 - Introduced through: cjson/cjson@1.7.15-r4 - From: cjson/cjson@1.7.15-r4 - Image layer: 'apk --no-cache add --virtual build-deps build-base cmake cjson-dev gnupg libressl-dev linux-headers util-linux-dev' - Fixed in: 1.7.17-r0 - - - -Organization: bhavdeep1304 -Package manager: apk -Project name: docker-image|eclipse-mosquitto -Docker image: eclipse-mosquitto:2.0.15 -Platform: linux/amd64 -Base image: alpine:3.18.3 -Licenses: enabled - -Tested 21 dependencies for known issues, found 15 issues. - -Base Image Vulnerabilities Severity -alpine:3.18.3 13 0 critical, 1 high, 7 medium, 5 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -alpine:3 1 0 critical, 0 high, 0 medium, 1 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -``` diff --git a/Snyk/scan_results/fiware_iotagent-json_1.26.0.md b/Snyk/scan_results/fiware_iotagent-json_1.26.0.md deleted file mode 100644 index e409d68..0000000 --- a/Snyk/scan_results/fiware_iotagent-json_1.26.0.md +++ /dev/null @@ -1,1022 +0,0 @@ -**Scanning fiware/iotagent-json:1.26.0** -``` - -Testing fiware/iotagent-json:1.26.0... - -✗ Low severity vulnerability found in util-linux/libuuid1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-2401082 - Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 - From: util-linux/libuuid1@2.33.1-0.1 - From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 - From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 - and 25 more... - -✗ Low severity vulnerability found in util-linux/libuuid1 - Description: CVE-2024-28085 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-6508628 - Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 - From: util-linux/libuuid1@2.33.1-0.1 - From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 - From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 - and 25 more... - Fixed in: 2.33.1-0.1+deb10u1 - -✗ Low severity vulnerability found in tar - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001 - Introduced through: tar@1.30+dfsg-6 - From: tar@1.30+dfsg-6 - -✗ Low severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-312331 - Introduced through: tar@1.30+dfsg-6 - From: tar@1.30+dfsg-6 - -✗ Low severity vulnerability found in tar - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-3253529 - Introduced through: tar@1.30+dfsg-6 - From: tar@1.30+dfsg-6 - -✗ Low severity vulnerability found in tar - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-341203 - Introduced through: tar@1.30+dfsg-6 - From: tar@1.30+dfsg-6 - -✗ Low severity vulnerability found in tar - Description: CVE-2023-39804 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-TAR-6120423 - Introduced through: tar@1.30+dfsg-6 - From: tar@1.30+dfsg-6 - Fixed in: 1.30+dfsg-6+deb10u1 - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Authentication Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-2332026 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Privilege Chaining - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Incorrect Privilege Assignment - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733386 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733393 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-5733397 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-7008 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6137710 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-50868 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277511 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205 - Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 - From: shadow/passwd@1:4.5-1.1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 - From: shadow/login@1:4.5-1.1 - and 1 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230 - Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 - From: shadow/passwd@1:4.5-1.1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 - From: shadow/login@1:4.5-1.1 - and 1 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250 - Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 - From: shadow/passwd@1:4.5-1.1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 - From: shadow/login@1:4.5-1.1 - and 1 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852 - Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 - From: shadow/passwd@1:4.5-1.1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 - From: shadow/login@1:4.5-1.1 - and 1 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5423925 - Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 - From: shadow/passwd@1:4.5-1.1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 - From: shadow/login@1:4.5-1.1 - and 1 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SHADOW-5879153 - Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1 - From: shadow/passwd@1:4.5-1.1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 - From: shadow/login@1:4.5-1.1 - and 1 more... - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-1925980 - Introduced through: perl/perl-base@5.28.1-6+deb10u1 - From: perl/perl-base@5.28.1-6+deb10u1 - -✗ Low severity vulnerability found in perl/perl-base - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-327793 - Introduced through: perl/perl-base@5.28.1-6+deb10u1 - From: perl/perl-base@5.28.1-6+deb10u1 - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489186 - Introduced through: perl/perl-base@5.28.1-6+deb10u1 - From: perl/perl-base@5.28.1-6+deb10u1 - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PERL-5489188 - Introduced through: perl/perl-base@5.28.1-6+deb10u1 - From: perl/perl-base@5.28.1-6+deb10u1 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321 - Introduced through: pcre3/libpcre3@2:8.39-12 - From: pcre3/libpcre3@2:8.39-12 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353 - Introduced through: pcre3/libpcre3@2:8.39-12 - From: pcre3/libpcre3@2:8.39-12 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502 - Introduced through: pcre3/libpcre3@2:8.39-12 - From: pcre3/libpcre3@2:8.39-12 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530 - Introduced through: pcre3/libpcre3@2:8.39-12 - From: pcre3/libpcre3@2:8.39-12 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367 - Introduced through: pcre3/libpcre3@2:8.39-12 - From: pcre3/libpcre3@2:8.39-12 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368 - Introduced through: pcre3/libpcre3@2:8.39-12 - From: pcre3/libpcre3@2:8.39-12 - -✗ Low severity vulnerability found in pam/libpam0g - Description: CVE-2024-22365 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-PAM-6178916 - Introduced through: pam/libpam0g@1.3.1-5, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1, adduser@3.118, pam/libpam-modules-bin@1.3.1-5, pam/libpam-modules@1.3.1-5, pam/libpam-runtime@1.3.1-5 - From: pam/libpam0g@1.3.1-5 - From: shadow/login@1:4.5-1.1 > pam/libpam0g@1.3.1-5 - From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > pam/libpam0g@1.3.1-5 - and 11 more... - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6123819 - Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 - From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - and 7 more... - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-6252772 - Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 - From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - and 7 more... - -✗ Low severity vulnerability found in lz4/liblz4-1 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072 - Introduced through: lz4/liblz4-1@1.8.3-1+deb10u1, apt@1.8.2.3 - From: lz4/liblz4-1@1.8.3-1+deb10u1 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > lz4/liblz4-1@1.8.3-1+deb10u1 - -✗ Low severity vulnerability found in libtasn1-6 - Description: CVE-2018-1000654 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585 - Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 - From: libtasn1-6@4.13-3 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628 - Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 - From: libsepol/libsepol1@2.8-1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630 - Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 - From: libsepol/libsepol1@2.8-1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636 - Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 - From: libsepol/libsepol1@2.8-1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642 - Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118 - From: libsepol/libsepol1@2.8-1 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1 - -✗ Low severity vulnerability found in libseccomp/libseccomp2 - Description: CVE-2019-9893 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044 - Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3 - From: libseccomp/libseccomp2@2.3.3-4 - From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4 - -✗ Low severity vulnerability found in libidn2/libidn2-0 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100 - Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3 - From: libidn2/libidn2-0@2.0.5-1+deb10u1 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libidn2/libidn2-0@2.0.5-1+deb10u1 - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893 - Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 - From: libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 - -✗ Low severity vulnerability found in libgcrypt20 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902 - Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 - From: libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 - -✗ Low severity vulnerability found in libgcrypt20 - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489 - Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 - From: libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-6405988 - Introduced through: libgcrypt20@1.8.4-5+deb10u1, apt@1.8.2.3 - From: libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 > libgcrypt20@1.8.4-5+deb10u1 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 > libgcrypt20@1.8.4-5+deb10u1 - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755 - Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 - From: gnutls28/libgnutls30@3.6.7-4+deb10u9 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-3330746 - Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 - From: gnupg2/gpgv@2.2.12-1+deb10u2 - From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553 - Introduced through: gnupg2/gpgv@2.2.12-1+deb10u2, apt@1.8.2.3 - From: gnupg2/gpgv@2.2.12-1+deb10u2 - From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2019-1010023 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894106 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-5894107 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-2961 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6617101 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - Fixed in: 2.28-10+deb10u3 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33599 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673956 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33601 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673957 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33602 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673966 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33600 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-6673971 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ Low severity vulnerability found in gcc-8/libstdc++6 - Description: Insufficient Entropy - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413 - Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 - From: gcc-8/libstdc++6@8.3.0-6 - From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 - and 2 more... - -✗ Low severity vulnerability found in gcc-8/libstdc++6 - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-5901315 - Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 - From: gcc-8/libstdc++6@8.3.0-6 - From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 - and 2 more... - -✗ Low severity vulnerability found in e2fsprogs/libcom-err2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-E2FSPROGS-2628482 - Introduced through: e2fsprogs/libcom-err2@1.44.5-1+deb10u3, e2fsprogs@1.44.5-1+deb10u3, e2fsprogs/libext2fs2@1.44.5-1+deb10u3, e2fsprogs/libss2@1.44.5-1+deb10u3 - From: e2fsprogs/libcom-err2@1.44.5-1+deb10u3 - From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 - From: e2fsprogs@1.44.5-1+deb10u3 > e2fsprogs/libss2@1.44.5-1+deb10u3 > e2fsprogs/libcom-err2@1.44.5-1+deb10u3 - and 5 more... - -✗ Low severity vulnerability found in coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465 - Introduced through: coreutils@8.30-3 - From: coreutils@8.30-3 - -✗ Low severity vulnerability found in coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494 - Introduced through: coreutils@8.30-3 - From: coreutils@8.30-3 - -✗ Low severity vulnerability found in bash - Description: Improper Check for Dropped Privileges - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-BASH-536280 - Introduced through: bash@5.0-4 - From: bash@5.0-4 - -✗ Low severity vulnerability found in apt/libapt-pkg5.0 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-APT-407502 - Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3 - From: apt/libapt-pkg5.0@1.8.2.3 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 - From: apt@1.8.2.3 - -✗ Medium severity vulnerability found in util-linux/libuuid1 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833 - Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1 - From: util-linux/libuuid1@2.33.1-0.1 - From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1 - From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1 - and 25 more... - Fixed in: 2.33.1-0.1+deb10u1 - -✗ Medium severity vulnerability found in systemd/libsystemd0 - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3111121 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - Fixed in: 241-7~deb10u10 - -✗ Medium severity vulnerability found in systemd/libsystemd0 - Description: CVE-2022-4415 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3177744 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ Medium severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5862705 - Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 - From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - and 7 more... - Fixed in: 6.1+20181013-2+deb10u4 - -✗ Medium severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6062099 - Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 - From: gnutls28/libgnutls30@3.6.7-4+deb10u9 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 - Fixed in: 3.6.7-4+deb10u11 - -✗ High severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-26604 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-3339153 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - Fixed in: 241-7~deb10u9 - -✗ High severity vulnerability found in systemd/libsystemd0 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-6277513 - Introduced through: systemd/libsystemd0@241-7~deb10u8, util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8 - From: systemd/libsystemd0@241-7~deb10u8 - From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u8 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@241-7~deb10u8 - and 4 more... - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-1655739 - Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 - From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - and 7 more... - Fixed in: 6.1+20181013-2+deb10u5 - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-NCURSES-5421196 - Introduced through: ncurses/libtinfo6@6.1+20181013-2+deb10u3, bash@5.0-4, ncurses/ncurses-bin@6.1+20181013-2+deb10u3, util-linux/fdisk@2.33.1-0.1, util-linux/mount@2.33.1-0.1, ncurses/libncursesw6@6.1+20181013-2+deb10u3, ncurses/ncurses-base@6.1+20181013-2+deb10u3 - From: ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: bash@5.0-4 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - From: ncurses/ncurses-bin@6.1+20181013-2+deb10u3 > ncurses/libtinfo6@6.1+20181013-2+deb10u3 - and 7 more... - Fixed in: 6.1+20181013-2+deb10u5 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-3318300 - Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 - From: gnutls28/libgnutls30@3.6.7-4+deb10u9 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 - Fixed in: 3.6.7-4+deb10u10 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-6159414 - Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u9, apt@1.8.2.3 - From: gnutls28/libgnutls30@3.6.7-4+deb10u9 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 - Fixed in: 3.6.7-4+deb10u12 - -✗ High severity vulnerability found in glibc/libc-bin - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488 - Introduced through: glibc/libc-bin@2.28-10+deb10u2, glibc/libc6@2.28-10+deb10u2 - From: glibc/libc-bin@2.28-10+deb10u2 - From: glibc/libc6@2.28-10+deb10u2 - -✗ High severity vulnerability found in gcc-8/libstdc++6 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558 - Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, gcc-8/gcc-8-base@8.3.0-6, gcc-8/libgcc1@1:8.3.0-6 - From: gcc-8/libstdc++6@8.3.0-6 - From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 - From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6 - and 2 more... - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-ZLIB-6008964 - Introduced through: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 - From: zlib/zlib1g@1:1.2.11.dfsg-1+deb10u2 - -✗ Critical severity vulnerability found in libtasn1-6 - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-3061094 - Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3 - From: libtasn1-6@4.13-3 - From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u9 > libtasn1-6@4.13-3 - Fixed in: 4.13-3+deb10u1 - -✗ Critical severity vulnerability found in db5.3/libdb5.3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN10-DB53-2825169 - Introduced through: db5.3/libdb5.3@5.3.28+dfsg1-0.5, adduser@3.118 - From: db5.3/libdb5.3@5.3.28+dfsg1-0.5 - From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > pam/libpam-modules@1.3.1-5 > db5.3/libdb5.3@5.3.28+dfsg1-0.5 - ------------- Detected 39 vulnerabilities for node@16.19.0 ------------ - - -✗ Low severity vulnerability found in node - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741888 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Low severity vulnerability found in node - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741892 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Low severity vulnerability found in node - Description: Insecure Randomness - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741899 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Low severity vulnerability found in node - Description: Permissive Cross-domain Policy with Untrusted Domains - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252338 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.19.1, 20.11.1, 21.6.2 - -✗ Low severity vulnerability found in node - Description: Authorization Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430907 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 20.15.1, 22.4.1 - -✗ Low severity vulnerability found in node - Description: Authorization Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430909 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 20.15.1, 22.4.1 - -✗ Low severity vulnerability found in node - Description: Improper Handling of Values - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430912 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 20.15.1, 22.4.1 - -✗ Medium severity vulnerability found in node - Description: Timing Attack - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326669 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326682 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326683 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326684 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326685 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326686 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Privilege Escalation - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329554 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ Medium severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741792 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741793 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: Inconsistency Between Implementation and Documented Design - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741796 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1, 18.16.1, 20.3.1 - -✗ Medium severity vulnerability found in node - Description: Buffer Over-read - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741894 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741895 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: Insecure Randomness - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741896 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: Buffer Underwrite (Buffer Underflow) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741900 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: Privilege Escalation - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5756501 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ Medium severity vulnerability found in node - Description: Improper Access Control - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5843454 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.2 - -✗ Medium severity vulnerability found in node - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848030 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.2 - -✗ Medium severity vulnerability found in node - Description: Observable Timing Discrepancy - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252330 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.19.1, 20.11.1, 21.6.2 - -✗ Medium severity vulnerability found in node - Description: HTTP Request Smuggling - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6564550 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.20.1, 20.12.1, 21.7.2 - -✗ Medium severity vulnerability found in node - Description: Improper Control of Generation of Code ('Code Injection') - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430900 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.20.4, 20.15.1, 22.4.1 - -✗ Medium severity vulnerability found in node - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430905 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.20.4, 20.15.1, 22.4.1 - -✗ High severity vulnerability found in node - Description: Insecure Permissions - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326666 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ High severity vulnerability found in node - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326668 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ High severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3326688 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ High severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-3329555 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.19.1 - -✗ High severity vulnerability found in node - Description: Prototype Pollution - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741794 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ High severity vulnerability found in node - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5741889 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.1 - -✗ High severity vulnerability found in node - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-5848038 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 16.20.2 - -✗ High severity vulnerability found in node - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252328 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.19.1, 20.11.1, 21.6.2 - -✗ High severity vulnerability found in node - Description: Code Injection - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6252332 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.19.1, 20.11.1, 21.6.2 - -✗ High severity vulnerability found in node - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6564548 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.20.1, 20.12.1, 21.7.2 - -✗ High severity vulnerability found in node - Description: Improper Control of Generation of Code ('Code Injection') - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-6615824 - Introduced through: node@16.19.0 - From: node@16.19.0 - Fixed in: 18.20.2, 20.12.2, 21.7.3 - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|fiware/iotagent-json -Docker image: fiware/iotagent-json:1.26.0 -Platform: linux/amd64 -Licenses: enabled - -Tested 85 dependencies for known issues, found 128 issues. - -Debian 10 is no longer supported by the Debian maintainers. Vulnerability detection may be affected by a lack of security updates. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test fiware/iotagent-json:1.26.0 --file=path/to/Dockerfile - -To remove this message in the future, please run `snyk config set disableSuggestions=true` - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - -------------------------------------------------------- - -Testing fiware/iotagent-json:1.26.0... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /opt/iotagent-json/node_modules/JSV/jsdoc-toolkit/java/classes -Project name: fiware/iotagent-json:1.26.0:/opt/iotagent-json/node_modules/JSV/jsdoc-toolkit/java/classes -Docker image: fiware/iotagent-json:1.26.0 -Licenses: enabled - -✔ Tested fiware/iotagent-json:1.26.0 for known issues, no vulnerable paths found. - -------------------------------------------------------- - -Testing fiware/iotagent-json:1.26.0... - -Organization: bhavdeep1304 -Package manager: maven -Target file: /opt/iotagent-json/node_modules/JSV/jsdoc-toolkit -Project name: fiware/iotagent-json:1.26.0:/opt/iotagent-json/node_modules/JSV/jsdoc-toolkit -Docker image: fiware/iotagent-json:1.26.0 -Licenses: enabled - -✔ Tested fiware/iotagent-json:1.26.0 for known issues, no vulnerable paths found. - - -Tested 3 projects, 1 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/fiware_orion_3.7.0.md b/Snyk/scan_results/fiware_orion_3.7.0.md deleted file mode 100644 index 7d812a7..0000000 --- a/Snyk/scan_results/fiware_orion_3.7.0.md +++ /dev/null @@ -1,2330 +0,0 @@ -**Scanning fiware/orion:3.7.0** -``` - -Testing fiware/orion:3.7.0... - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081 - Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u3, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 - From: util-linux/libblkid1@2.36.1-8+deb11u1 - From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 - From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 - and 16 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: CVE-2024-28085 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-6508632 - Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u3, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 - From: util-linux/libblkid1@2.36.1-8+deb11u1 - From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 - From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 - and 16 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.36.1-8+deb11u2 - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2434417 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Improper Resource Shutdown or Release - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2440571 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-514595 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-516778 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-518574 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-520936 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-531474 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5416363 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5425904 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5673712 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5724641 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747597 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5749339 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5750143 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5767900 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5773188 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5853001 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6079927 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6084515 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190609 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190787 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-523480 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in tar - Description: CVE-2023-39804 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-6120424 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 1.34+dfsg-1+deb11u1 - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Authentication Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733387 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733391 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733392 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-7008 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6137713 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-50868 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277512 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5423922 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5879152 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-532614 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489185 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489191 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pcre2/libpcre2-8-0 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-5788325 - Introduced through: pcre2/libpcre2-8-0@10.36-2 - From: pcre2/libpcre2-8-0@10.36-2 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in pam/libpam0g - Description: CVE-2024-22365 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PAM-6178915 - Introduced through: pam/libpam0g@1.4.0-9+deb11u1, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1, adduser@3.118, pam/libpam-modules-bin@1.4.0-9+deb11u1, pam/libpam-modules@1.4.0-9+deb11u1, pam/libpam-runtime@1.4.0-9+deb11u1 - From: pam/libpam0g@1.4.0-9+deb11u1 - From: shadow/login@1:4.8.1-1 > pam/libpam0g@1.4.0-9+deb11u1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > pam/libpam0g@1.4.0-9+deb11u1 - and 11 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6048819 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-0727 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6190224 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6592093 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7151355 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7411351 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-521320 - Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531344 - Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Cryptographic Issues - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531747 - Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-5660622 - Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-584937 - Introduced through: curl@7.74.0-1.3+deb11u1, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in nghttp2/libnghttp2-14 - Description: CVE-2024-28182 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-6541750 - Introduced through: curl@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > nghttp2/libnghttp2-14@1.43.0-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6123820 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6252771 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libzstd/libzstd1 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBZSTD-5406388 - Introduced through: libzstd/libzstd1@1.4.8+dfsg-2.1, apt@2.2.4, glibc/libc-devtools@2.31-13+deb11u3 - From: libzstd/libzstd1@1.4.8+dfsg-2.1 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libzstd/libzstd1@1.4.8+dfsg-2.1 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > systemd/libsystemd0@247.3-7 > libzstd/libzstd1@1.4.8+dfsg-2.1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in libpng1.6/libpng16-16 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-2363923 - Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u3 - From: libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 > libpng1.6/libpng16-16@1.6.37-3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libpng1.6/libpng16-16 - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-529373 - Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u3 - From: libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 > libpng1.6/libpng16-16@1.6.37-3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libjpeg-turbo/libjpeg62-turbo - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBJPEGTURBO-2932112 - Introduced through: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4, glibc/libc-devtools@2.31-13+deb11u3 - From: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgd2/libgd3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1536763 - Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u3 - From: libgd2/libgd3@2.3.0-2 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgd2/libgd3 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1570130 - Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u3 - From: libgd2/libgd3@2.3.0-2 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgd2/libgd3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1583889 - Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u3 - From: libgd2/libgd3@2.3.0-2 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892 - Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 > libgcrypt20@1.8.7-6 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgcrypt20 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947 - Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 > libgcrypt20@1.8.7-6 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-6405987 - Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 > libgcrypt20@1.8.7-6 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-26462 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277413 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-26461 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277418 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-26458 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277420 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-37371 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u5 - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-37370 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411320 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u5 - -✗ Low severity vulnerability found in jbigkit/libjbig0 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-JBIGKIT-514977 - Introduced through: jbigkit/libjbig0@2.1-3.1+b2, glibc/libc-devtools@2.31-13+deb11u3 - From: jbigkit/libjbig0@2.1-3.1+b2 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > jbigkit/libjbig0@2.1-3.1+b2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Uncaught Exception - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474582 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474587 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-3330745 - Introduced through: gnupg2/gpgv@2.2.27-2+deb11u1, apt@2.2.4 - From: gnupg2/gpgv@2.2.27-2+deb11u1 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2019-1010023 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-2961 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6617104 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u9 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33599 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673955 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33601 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673958 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33600 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673967 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33602 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673973 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in gcc-9/gcc-9-base - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC9-5901306 - Introduced through: gcc-9/gcc-9-base@9.3.0-22 - From: gcc-9/gcc-9-base@9.3.0-22 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in gcc-10/libstdc++6 - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC10-5901313 - Introduced through: apt@2.2.4, boost1.74/libboost-thread1.74.0@1.74.0-9, icu/libicu67@67.1-7, gcc-10/gcc-10-base@10.2.1-6, gcc-10/libgcc-s1@10.2.1-6 - From: apt@2.2.4 > gcc-10/libstdc++6@10.2.1-6 - From: boost1.74/libboost-thread1.74.0@1.74.0-9 > gcc-10/libstdc++6@10.2.1-6 - From: icu/libicu67@67.1-7 > gcc-10/libstdc++6@10.2.1-6 - and 3 more... - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in freetype/libfreetype6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2848681 - Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 - From: freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-524217 - Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 - From: expat/libexpat1@2.2.10-2+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227594 - Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 - From: expat/libexpat1@2.2.10-2+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227598 - Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 - From: expat/libexpat1@2.2.10-2+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: CVE-2024-28757 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6420594 - Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 - From: expat/libexpat1@2.2.10-2+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in e2fsprogs/libcom-err2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459 - Introduced through: e2fsprogs@1.46.2-2, curl@7.74.0-1.3+deb11u1, e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2 - From: e2fsprogs@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 - From: e2fsprogs@1.46.2-2 > e2fsprogs/libss2@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > e2fsprogs/libcom-err2@1.46.2-2 - and 8 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in db5.3/libdb5.3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168 - Introduced through: adduser@3.118, curl@7.74.0-1.3+deb11u1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1+deb11u1 > cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Missing Initialization of Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1296884 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Use of Incorrectly-Resolved Name or Reference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322658 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322659 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322667 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2022-35252 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3012384 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u3 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561869 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2023-28322 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561885 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u9 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2023-38546 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955029 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u10 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2398 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501704 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u12 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2379 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501711 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in coreutils/coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776 - Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 - From: coreutils/coreutils@8.32-4+b1 - From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in coreutils/coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269 - Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 - From: coreutils/coreutils@8.32-4+b1 - From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in bash/bash - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361 - Introduced through: bash/bash@5.1-2+b3 - From: bash/bash@5.1-2+b3 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Low severity vulnerability found in apt/libapt-pkg6.0 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-APT-522585 - Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4 - From: apt/libapt-pkg6.0@2.2.4 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 - From: apt@2.2.4 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2774162 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2774167 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2823289 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2823291 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938519 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938520 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938525 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2964237 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Integer Underflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987009 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Integer Underflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987011 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Improper Validation of Specified Quantity in Input - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987014 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3008946 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012393 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Incorrect Calculation of Buffer Size - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012398 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Release of Invalid Pointer or Reference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012399 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058771 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058775 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058778 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058779 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058787 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058792 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3244453 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319790 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319791 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319804 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319810 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319811 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319813 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319814 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319820 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319824 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319826 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3339158 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5425902 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5518072 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747608 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862860 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u5 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862861 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u5 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5934951 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u5 - -✗ Medium severity vulnerability found in tar - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 1.34+dfsg-1+deb11u1 - -✗ Medium severity vulnerability found in systemd/libsystemd0 - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3111119 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 247.3-7+deb11u2 - -✗ Medium severity vulnerability found in systemd/libsystemd0 - Description: CVE-2022-4415 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3177742 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 247.3-7+deb11u2 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2941242 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u4 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314592 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u4 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Inefficient Regular Expression Complexity - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5788324 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1v-0~deb11u1 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5812634 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1v-0~deb11u1 - -✗ Medium severity vulnerability found in libxpm/libxpm4 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927156 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1+deb11u1 - -✗ Medium severity vulnerability found in libxpm/libxpm4 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927166 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1+deb11u1 - -✗ Medium severity vulnerability found in libx11/libx11-data - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927151 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u2 - -✗ Medium severity vulnerability found in libx11/libx11-data - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927154 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u2 - -✗ Medium severity vulnerability found in krb5/libk5crypto3 - Description: Access of Uninitialized Pointer - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-5825661 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u4 - -✗ Medium severity vulnerability found in gnutls28/libgnutls30 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-2419151 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u1 - -✗ Medium severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6062102 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u4 - -✗ Medium severity vulnerability found in gnupg2/gpgv - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-2939851 - Introduced through: gnupg2/gpgv@2.2.27-2+deb11u1, apt@2.2.4 - From: gnupg2/gpgv@2.2.27-2+deb11u1 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u1 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 2.2.27-2+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Insufficient Verification of Data Authenticity - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1585148 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2804158 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2804167 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936232 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936233 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936235 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3179186 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u5 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320492 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320498 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u7 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366760 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366763 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366765 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561876 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u9 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: CVE-2023-46218 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100976 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u11 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Missing Encryption of Sensitive Data - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100978 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in tiff/libtiff5 - Description: Numeric Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3113871 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u3 - -✗ High severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747600 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u3 - From: tiff/libtiff5@4.2.0-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ High severity vulnerability found in systemd/libsystemd0 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510 - Introduced through: systemd/libsystemd0@247.3-7, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7 - From: systemd/libsystemd0@247.3-7 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in perl/perl-base - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 5.32.1-4+deb11u3 - -✗ High severity vulnerability found in openssl/libssl1.1 - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314584 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u4 - -✗ High severity vulnerability found in openssl/libssl1.1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314604 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u4 - -✗ High severity vulnerability found in openssl/libssl1.1 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3314615 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u4 - -✗ High severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ High severity vulnerability found in nghttp2/libnghttp2-14 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384 - Introduced through: curl@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > nghttp2/libnghttp2-14@1.43.0-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.43.0-1+deb11u1 - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-2767191 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 6.2+20201114-2+deb11u1 - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 6.2+20201114-2+deb11u2 - -✗ High severity vulnerability found in libxpm/libxpm4 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232725 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1~deb11u1 - -✗ High severity vulnerability found in libxpm/libxpm4 - Description: Untrusted Search Path - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232730 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1~deb11u1 - -✗ High severity vulnerability found in libxpm/libxpm4 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232736 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u3 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1~deb11u1 - -✗ High severity vulnerability found in libx11/libx11-data - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5710893 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u1 - -✗ High severity vulnerability found in libx11/libx11-data - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927150 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u3, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u2 - -✗ High severity vulnerability found in libwebp/libwebp6 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5489177 - Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u3 - From: libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > libwebp/libwebp6@0.6.1-2.1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 0.6.1-2.1+deb11u1 - -✗ High severity vulnerability found in libwebp/libwebp6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094 - Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u3 - From: libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u1 > libwebp/libwebp6@0.6.1-2.1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 0.6.1-2.1+deb11u2 - -✗ High severity vulnerability found in libtirpc/libtirpc3 - Description: Improper Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBTIRPC-2959390 - Introduced through: adduser@3.118, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libtirpc/libtirpc3@1.3.1-1 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > glibc/libc6-dev@2.31-13+deb11u3 > libnsl/libnsl-dev@1.3.0-2 > libtirpc/libtirpc-dev@1.3.1-1 > libtirpc/libtirpc3@1.3.1-1 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > glibc/libc6-dev@2.31-13+deb11u3 > libnsl/libnsl-dev@1.3.0-2 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.3.1-1+deb11u1 - -✗ High severity vulnerability found in libssh2/libssh2-1 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSSH2-5861756 - Introduced through: curl@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > libssh2/libssh2-1@1.9.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.9.0-2+deb11u1 - -✗ High severity vulnerability found in krb5/libk5crypto3 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-3120880 - Introduced through: curl@7.74.0-1.3+deb11u1, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u3 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-2964220 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u2 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-3318299 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u3 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159417 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u5 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159419 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u1 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u5 - -✗ High severity vulnerability found in glibc/libc-bin - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-2340919 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u4 - -✗ High severity vulnerability found in glibc/libc-bin - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133 - Introduced through: glibc/libc-bin@2.31-13+deb11u3, glibc/libc-devtools@2.31-13+deb11u3, glibc/libc6@2.31-13+deb11u3, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 - From: glibc/libc6@2.31-13+deb11u3 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u7 - -✗ High severity vulnerability found in freetype/libfreetype6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2774654 - Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 - From: freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.10.4+dfsg-1+deb11u1 - -✗ High severity vulnerability found in freetype/libfreetype6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2774664 - Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 - From: freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.10.4+dfsg-1+deb11u1 - -✗ High severity vulnerability found in expat/libexpat1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-3023031 - Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 - From: expat/libexpat1@2.2.10-2+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.2.10-2+deb11u4 - -✗ High severity vulnerability found in expat/libexpat1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-3061093 - Introduced through: expat/libexpat1@2.2.10-2+deb11u3, glibc/libc-devtools@2.31-13+deb11u3 - From: expat/libexpat1@2.2.10-2+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.2.10-2+deb11u5 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1585138 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ High severity vulnerability found in curl/libcurl4 - Description: CVE-2022-27775 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2804164 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Missing Authentication for Critical Function - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2805482 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2813769 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2813773 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3066040 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3179181 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in curl/libcurl4 - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366762 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366772 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-2976151 - Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 - From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 1:1.2.11.dfsg-2+deb11u2 - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961 - Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 - From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1 - Image layer: Introduced by your base image (debian:11.2-slim) - -✗ Critical severity vulnerability found in pcre2/libpcre2-8-0 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-2808697 - Introduced through: pcre2/libpcre2-8-0@10.36-2 - From: pcre2/libpcre2-8-0@10.36-2 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 10.36-2+deb11u1 - -✗ Critical severity vulnerability found in pcre2/libpcre2-8-0 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-2808704 - Introduced through: pcre2/libpcre2-8-0@10.36-2 - From: pcre2/libpcre2-8-0@10.36-2 - Image layer: Introduced by your base image (debian:11.2-slim) - Fixed in: 10.36-2+deb11u1 - -✗ Critical severity vulnerability found in openssl/libssl1.1 - Description: OS Command Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2933518 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u1, openssl@1.1.1n-0+deb11u2 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u2 > openssl/libssl1.1@1.1.1n-0+deb11u2 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u3 - -✗ Critical severity vulnerability found in libtasn1-6 - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBTASN16-3061097 - Introduced through: curl@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5 > libtasn1-6@4.16.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.16.0-2+deb11u1 - -✗ Critical severity vulnerability found in freetype/libfreetype6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2774656 - Introduced through: freetype/libfreetype6@2.10.4+dfsg-1, glibc/libc-devtools@2.31-13+deb11u3 - From: freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1 - From: glibc/libc-devtools@2.31-13+deb11u3 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.10.4+dfsg-1+deb11u1 - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1585150 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Incorrect Default Permissions - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-2936229 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u2 - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Exposure of Resource to Wrong Sphere - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3065656 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u5 - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955037 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u1, curl@7.74.0-1.3+deb11u1 - From: curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 > curl/libcurl4@7.74.0-1.3+deb11u1 - From: curl@7.74.0-1.3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u10 - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|fiware/orion -Docker image: fiware/orion:3.7.0 -Platform: linux/amd64 -Base image: debian:11.2-slim -Licenses: enabled - -Tested 146 dependencies for known issues, found 247 issues. - -Base Image Vulnerabilities Severity -debian:11.2-slim 120 11 critical, 20 high, 15 medium, 74 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -debian:bullseye-20240701-slim 69 1 critical, 1 high, 0 medium, 67 low - -Major upgrades -Base Image Vulnerabilities Severity -debian:bookworm-20240701-slim 33 1 critical, 0 high, 0 medium, 32 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -``` diff --git a/Snyk/scan_results/fiware_orion_latest.md b/Snyk/scan_results/fiware_orion_latest.md deleted file mode 100644 index a1a628e..0000000 --- a/Snyk/scan_results/fiware_orion_latest.md +++ /dev/null @@ -1,882 +0,0 @@ -**Scanning fiware/orion:latest** -``` - -Testing fiware/orion:latest... - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-UTILLINUX-2401083 - Introduced through: util-linux/libblkid1@2.38.1-5+deb12u1, e2fsprogs@1.47.0-2, util-linux/libmount1@2.38.1-5+deb12u1, util-linux@2.38.1-5+deb12u1, util-linux/mount@2.38.1-5+deb12u1, util-linux/libuuid1@2.38.1-5+deb12u1, util-linux/libsmartcols1@2.38.1-5+deb12u1, util-linux/util-linux-extra@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1 - From: util-linux/libblkid1@2.38.1-5+deb12u1 - From: e2fsprogs@1.47.0-2 > util-linux/libblkid1@2.38.1-5+deb12u1 - From: util-linux/libmount1@2.38.1-5+deb12u1 > util-linux/libblkid1@2.38.1-5+deb12u1 - and 17 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1560922 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561093 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561130 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561402 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-1561632 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Improper Resource Shutdown or Release - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-2440572 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5416364 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5673710 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5747599 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5749338 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5750144 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5767899 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-5773187 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6079922 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6084514 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6190608 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tiff/libtiff6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TIFF-6190785 - Introduced through: tiff/libtiff6@4.5.0-6+deb12u1, glibc/libc-devtools@2.36-9+deb12u7 - From: tiff/libtiff6@4.5.0-6+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TAR-1560620 - Introduced through: tar@1.34+dfsg-1.2+deb12u1, dash@0.5.12-2 - From: tar@1.34+dfsg-1.2+deb12u1 - From: dash@0.5.12-2 > dpkg@1.21.22 > tar@1.34+dfsg-1.2+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-1560739 - Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 - From: systemd/libsystemd0@252.22-1~deb12u1 - From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733385 - Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 - From: systemd/libsystemd0@252.22-1~deb12u1 - From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733390 - Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 - From: systemd/libsystemd0@252.22-1~deb12u1 - From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733398 - Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 - From: systemd/libsystemd0@252.22-1~deb12u1 - From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-50868 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277509 - Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 - From: systemd/libsystemd0@252.22-1~deb12u1 - From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 252.23-1~deb12u1 - -✗ Low severity vulnerability found in shadow/passwd - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559391 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559403 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5423923 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5879156 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-1556505 - Introduced through: perl/perl-base@5.36.0-7+deb12u1 - From: perl/perl-base@5.36.0-7+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184 - Introduced through: perl/perl-base@5.36.0-7+deb12u1 - From: perl/perl-base@5.36.0-7+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489190 - Introduced through: perl/perl-base@5.36.0-7+deb12u1 - From: perl/perl-base@5.36.0-7+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in pam/libpam0g - Description: CVE-2024-22365 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PAM-6178914 - Introduced through: pam/libpam0g@1.5.2-6+deb12u1, shadow/login@1:4.13+dfsg1-1+b1, util-linux@2.38.1-5+deb12u1, adduser@3.134, pam/libpam-modules-bin@1.5.2-6+deb12u1, pam/libpam-modules@1.5.2-6+deb12u1, pam/libpam-runtime@1.5.2-6+deb12u1 - From: pam/libpam0g@1.5.2-6+deb12u1 - From: shadow/login@1:4.13+dfsg1-1+b1 > pam/libpam0g@1.5.2-6+deb12u1 - From: util-linux@2.38.1-5+deb12u1 > pam/libpam0g@1.5.2-6+deb12u1 - and 11 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2023-6237 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6157243 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.0.13-1~deb12u1 - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6592092 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-4603 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6861561 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7151359 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7411350 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.5-0 - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555631 - Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 - From: openldap/libldap-common@2.5.13+dfsg-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.5-0 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555724 - Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 - From: openldap/libldap-common@2.5.13+dfsg-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.5-0 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555918 - Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 - From: openldap/libldap-common@2.5.13+dfsg-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.5-0 - Description: Cryptographic Issues - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-1555941 - Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 - From: openldap/libldap-common@2.5.13+dfsg-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.5-0 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENLDAP-5660620 - Introduced through: curl@7.88.1-10+deb12u5, openldap/libldap-common@2.5.13+dfsg-5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 - From: openldap/libldap-common@2.5.13+dfsg-5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in nghttp2/libnghttp2-14 - Description: CVE-2024-28182 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NGHTTP2-6541749 - Introduced through: curl@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > nghttp2/libnghttp2-14@1.52.0-1+deb12u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6123823 - Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b2, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 - From: ncurses/libtinfo6@6.4-4 - From: bash/bash@5.2.15-2+b2 > ncurses/libtinfo6@6.4-4 - From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6252773 - Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b2, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 - From: ncurses/libtinfo6@6.4-4 - From: bash/bash@5.2.15-2+b2 > ncurses/libtinfo6@6.4-4 - From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libpng1.6/libpng16-16 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBPNG16-2363910 - Introduced through: libpng1.6/libpng16-16@1.6.39-2, glibc/libc-devtools@2.36-9+deb12u7 - From: libpng1.6/libpng16-16@1.6.39-2 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libpng1.6/libpng16-16@1.6.39-2 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > freetype/libfreetype6@2.12.1+dfsg-5 > libpng1.6/libpng16-16@1.6.39-2 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libheif/libheif1 - Description: Divide By Zero - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-5498469 - Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: libheif/libheif1@1.15.1-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libheif/libheif1 - Description: CVE-2023-49462 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105360 - Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: libheif/libheif1@1.15.1-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libheif/libheif1 - Description: CVE-2023-49460 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105367 - Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: libheif/libheif1@1.15.1-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libheif/libheif1 - Description: CVE-2023-49464 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105368 - Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: libheif/libheif1@1.15.1-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libheif/libheif1 - Description: CVE-2023-49463 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6105378 - Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: libheif/libheif1@1.15.1-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libheif/libheif1 - Description: CVE-2024-25269 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBHEIF-6371532 - Introduced through: libheif/libheif1@1.15.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: libheif/libheif1@1.15.1-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libgcrypt20 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-1550206 - Introduced through: libgcrypt20/libgcrypt20-dev@1.10.1-3, apt@2.6.1 - From: libgcrypt20/libgcrypt20-dev@1.10.1-3 > libgcrypt20@1.10.1-3 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 - From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-6405981 - Introduced through: libgcrypt20/libgcrypt20-dev@1.10.1-3, apt@2.6.1 - From: libgcrypt20/libgcrypt20-dev@1.10.1-3 > libgcrypt20@1.10.1-3 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 - From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libde265/libde265-0 - Description: CVE-2023-51792 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBDE265-6672145 - Introduced through: libde265/libde265-0@1.0.11-1+deb12u2, glibc/libc-devtools@2.36-9+deb12u7 - From: libde265/libde265-0@1.0.11-1+deb12u2 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > libde265/libde265-0@1.0.11-1+deb12u2 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libde265/libde265-0 - Description: CVE-2024-38949 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBDE265-7411271 - Introduced through: libde265/libde265-0@1.0.11-1+deb12u2, glibc/libc-devtools@2.36-9+deb12u7 - From: libde265/libde265-0@1.0.11-1+deb12u2 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > libde265/libde265-0@1.0.11-1+deb12u2 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in libde265/libde265-0 - Description: CVE-2024-38950 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBDE265-7411272 - Introduced through: libde265/libde265-0@1.0.11-1+deb12u2, glibc/libc-devtools@2.36-9+deb12u7 - From: libde265/libde265-0@1.0.11-1+deb12u2 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > libde265/libde265-0@1.0.11-1+deb12u2 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in krb5/libkrb5support0 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-1549480 - Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - and 6 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libkrb5support0 - Description: CVE-2024-26461 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-6277411 - Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - and 6 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libkrb5support0 - Description: CVE-2024-26458 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-6277412 - Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - and 6 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libkrb5support0 - Description: CVE-2024-26462 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-6277421 - Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - and 6 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libkrb5support0 - Description: CVE-2024-37370 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411314 - Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - and 6 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.20.1-2+deb12u2 - -✗ Low severity vulnerability found in krb5/libkrb5support0 - Description: CVE-2024-37371 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-KRB5-7411315 - Introduced through: curl@7.88.1-10+deb12u5, libgcrypt20/libgcrypt20-dev@1.10.1-3, krb5/krb5-locales@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libk5crypto3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > krb5/libgssapi-krb5-2@1.20.1-2+deb12u1 > krb5/libkrb5-3@1.20.1-2+deb12u1 > krb5/libkrb5support0@1.20.1-2+deb12u1 - and 6 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.20.1-2+deb12u2 - -✗ Low severity vulnerability found in jbigkit/libjbig0 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-JBIGKIT-1549085 - Introduced through: jbigkit/libjbig0@2.1-6.1, glibc/libc-devtools@2.36-9+deb12u7 - From: jbigkit/libjbig0@2.1-6.1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > tiff/libtiff6@4.5.0-6+deb12u1 > jbigkit/libjbig0@2.1-6.1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-1547121 - Introduced through: apt@2.6.1, curl@7.88.1-10+deb12u5 - From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Uncaught Exception - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-6474581 - Introduced through: apt@2.6.1, curl@7.88.1-10+deb12u5 - From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.9-2+deb12u3 - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-6474586 - Introduced through: apt@2.6.1, curl@7.88.1-10+deb12u5 - From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openldap/libldap-2.5-0@2.5.13+dfsg-5 > gnutls28/libgnutls30@3.7.9-2+deb12u2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.9-2+deb12u3 - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUPG2-3330747 - Introduced through: gnupg2/gpgv@2.2.40-1.1, apt@2.6.1 - From: gnupg2/gpgv@2.2.40-1.1 - From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1546991 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547039 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547069 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547135 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547293 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2019-1010023 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547373 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc-devtools@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7, libgcrypt20/libgcrypt20-dev@1.10.1-3 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc-devtools@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - and 2 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in gcc-12/libstdc++6 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-2606941 - Introduced through: abseil/libabsl20220623@20220623.1-1, apt@2.6.1, boost1.74/libboost-thread1.74.0@1.74.0+ds1-21, icu/libicu72@72.1-3, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 - From: abseil/libabsl20220623@20220623.1-1 > gcc-12/libstdc++6@12.2.0-14 - From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 - From: boost1.74/libboost-thread1.74.0@1.74.0+ds1-21 > gcc-12/libstdc++6@12.2.0-14 - and 10 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in gcc-12/libstdc++6 - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-5901316 - Introduced through: abseil/libabsl20220623@20220623.1-1, apt@2.6.1, boost1.74/libboost-thread1.74.0@1.74.0+ds1-21, icu/libicu72@72.1-3, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 - From: abseil/libabsl20220623@20220623.1-1 > gcc-12/libstdc++6@12.2.0-14 - From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 - From: boost1.74/libboost-thread1.74.0@1.74.0+ds1-21 > gcc-12/libstdc++6@12.2.0-14 - and 10 more... - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in expat/libexpat1 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227597 - Introduced through: expat/libexpat1@2.5.0-1, glibc/libc-devtools@2.36-9+deb12u7 - From: expat/libexpat1@2.5.0-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > expat/libexpat1@2.5.0-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in expat/libexpat1 - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6227603 - Introduced through: expat/libexpat1@2.5.0-1, glibc/libc-devtools@2.36-9+deb12u7 - From: expat/libexpat1@2.5.0-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > expat/libexpat1@2.5.0-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in expat/libexpat1 - Description: CVE-2024-28757 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-EXPAT-6420595 - Introduced through: expat/libexpat1@2.5.0-1, glibc/libc-devtools@2.36-9+deb12u7 - From: expat/libexpat1@2.5.0-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > fontconfig/libfontconfig1@2.14.1-4 > expat/libexpat1@2.5.0-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in dav1d/libdav1d6 - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-DAV1D-5518047 - Introduced through: dav1d/libdav1d6@1.0.0-2+deb12u1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: dav1d/libdav1d6@1.0.0-2+deb12u1 - From: libavif/libavif15@0.11.1-1 > dav1d/libdav1d6@1.0.0-2+deb12u1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > dav1d/libdav1d6@1.0.0-2+deb12u1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2379 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-CURL-6501697 - Introduced through: curl@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2398 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-CURL-6501702 - Introduced through: curl@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.88.1-10+deb12u6 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2004 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-CURL-6501703 - Introduced through: curl@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 - From: curl@7.88.1-10+deb12u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.88.1-10+deb12u6 - -✗ Low severity vulnerability found in coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543939 - Introduced through: coreutils@9.1-1 - From: coreutils@9.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543947 - Introduced through: coreutils@9.1-1 - From: coreutils@9.1-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in apt/libapt-pkg6.0 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-APT-1541449 - Introduced through: apt/libapt-pkg6.0@2.6.1, apt@2.6.1 - From: apt/libapt-pkg6.0@2.6.1 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 - From: apt@2.6.1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in aom/libaom3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-AOM-5878995 - Introduced through: aom/libaom3@3.6.0-1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: aom/libaom3@3.6.0-1 - From: libavif/libavif15@0.11.1-1 > aom/libaom3@3.6.0-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > aom/libaom3@3.6.0-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in aom/libaom3 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-AOM-6140324 - Introduced through: aom/libaom3@3.6.0-1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: aom/libaom3@3.6.0-1 - From: libavif/libavif15@0.11.1-1 > aom/libaom3@3.6.0-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > aom/libaom3@3.6.0-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Low severity vulnerability found in aom/libaom3 - Description: CVE-2024-5171 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-AOM-7197979 - Introduced through: aom/libaom3@3.6.0-1, libavif/libavif15@0.11.1-1, glibc/libc-devtools@2.36-9+deb12u7 - From: aom/libaom3@3.6.0-1 - From: libavif/libavif15@0.11.1-1 > aom/libaom3@3.6.0-1 - From: glibc/libc-devtools@2.36-9+deb12u7 > libgd2/libgd3@2.3.3-9 > libheif/libheif1@1.15.1-1 > aom/libaom3@3.6.0-1 - Image layer: Introduced by your base image (debian:12.4-slim) - -✗ Medium severity vulnerability found in openssl/libssl3 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6048820 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.0.13-1~deb12u1 - -✗ Medium severity vulnerability found in openssl/libssl3 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6148845 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.0.13-1~deb12u1 - -✗ Medium severity vulnerability found in openssl/libssl3 - Description: CVE-2024-0727 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6190223 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10, ca-certificates@20230311, curl@7.88.1-10+deb12u5, openssl@3.0.11-1~deb12u2 - From: cyrus-sasl2/libsasl2-modules@2.1.28+dfsg-10 > openssl/libssl3@3.0.11-1~deb12u2 - From: ca-certificates@20230311 > openssl@3.0.11-1~deb12u2 > openssl/libssl3@3.0.11-1~deb12u2 - From: curl@7.88.1-10+deb12u5 > curl/libcurl4@7.88.1-10+deb12u5 > openssl/libssl3@3.0.11-1~deb12u2 - and 4 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.0.13-1~deb12u1 - -✗ High severity vulnerability found in systemd/libsystemd0 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-6277507 - Introduced through: systemd/libsystemd0@252.22-1~deb12u1, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.22-1~deb12u1 - From: systemd/libsystemd0@252.22-1~deb12u1 - From: apt@2.6.1 > systemd/libsystemd0@252.22-1~deb12u1 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.22-1~deb12u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 252.23-1~deb12u1 - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963 - Introduced through: curl@7.88.1-10+deb12u5, util-linux@2.38.1-5+deb12u1, apt@2.6.1, dash@0.5.12-2, glibc/libc-devtools@2.36-9+deb12u7 - From: curl@7.88.1-10+deb12u5 > zlib/zlib1g@1:1.2.13.dfsg-1 - From: util-linux@2.38.1-5+deb12u1 > zlib/zlib1g@1:1.2.13.dfsg-1 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > zlib/zlib1g@1:1.2.13.dfsg-1 - and 9 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|fiware/orion -Docker image: fiware/orion:latest -Platform: linux/amd64 -Base image: debian:12.4-slim -Licenses: enabled - -Tested 159 dependencies for known issues, found 95 issues. - -Base Image Vulnerabilities Severity -debian:12.4-slim 48 1 critical, 3 high, 2 medium, 42 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -debian:bookworm-20240701-slim 33 1 critical, 0 high, 0 medium, 32 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -``` diff --git a/Snyk/scan_results/grafana_grafana_9.3.0.md b/Snyk/scan_results/grafana_grafana_9.3.0.md deleted file mode 100644 index 666beeb..0000000 --- a/Snyk/scan_results/grafana_grafana_9.3.0.md +++ /dev/null @@ -1,440 +0,0 @@ -**Scanning grafana/grafana:9.3.0** -``` - -Testing grafana/grafana:9.3.0... - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314628 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1t-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5291790 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1t-r2 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5661569 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1u-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Inefficient Regular Expression Complexity - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5788364 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1u-r2 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-5821139 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1v-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-6070608 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1w-r1 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314621 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1t-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Access of Resource Using Incompatible Type ('Type Confusion') - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314622 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1t-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3314629 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1t-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-OPENSSL-3368753 - Introduced through: openssl/libcrypto1.1@1.1.1q-r0, openssl/libssl1.1@1.1.1q-r0, apk-tools/apk-tools@2.12.7-r3, libretls/libretls@3.3.4-r3, ca-certificates/ca-certificates@20220614-r0 - From: openssl/libcrypto1.1@1.1.1q-r0 - From: openssl/libssl1.1@1.1.1q-r0 > openssl/libcrypto1.1@1.1.1q-r0 - From: apk-tools/apk-tools@2.12.7-r3 > openssl/libcrypto1.1@1.1.1q-r0 - and 5 more... - Image layer: 'apk add --no-cache ca-certificates bash tzdata musl-utils' - Fixed in: 1.1.1t-r2 - -✗ High severity vulnerability found in ncurses/ncurses-terminfo-base - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE315-NCURSES-5606598 - Introduced through: ncurses/ncurses-terminfo-base@6.3_p20211120-r1, ncurses/ncurses-libs@6.3_p20211120-r1, readline/readline@8.1.1-r0 - From: ncurses/ncurses-terminfo-base@6.3_p20211120-r1 - From: ncurses/ncurses-libs@6.3_p20211120-r1 > ncurses/ncurses-terminfo-base@6.3_p20211120-r1 - From: ncurses/ncurses-libs@6.3_p20211120-r1 - and 1 more... - Image layer: Introduced by your base image (grafana/grafana:9.3.0) - Fixed in: 6.3_p20211120-r2 - - - -Organization: bhavdeep1304 -Package manager: apk -Project name: docker-image|grafana/grafana -Docker image: grafana/grafana:9.3.0 -Platform: linux/amd64 -Base image: grafana/grafana:9.3.0 -Licenses: enabled - -Tested 24 dependencies for known issues, found 11 issues. - -Base Image Vulnerabilities Severity -grafana/grafana:9.3.0 11 0 critical, 5 high, 6 medium, 0 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -grafana/grafana:9.5.20 8 0 critical, 0 high, 4 medium, 4 low - -Major upgrades -Base Image Vulnerabilities Severity -grafana/grafana:11.0.1 8 0 critical, 0 high, 4 medium, 4 low - -Alpine 3.15.6 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates. - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - -------------------------------------------------------- - -Testing grafana/grafana:9.3.0... - -✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json - Description: Infinite loop - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 - Introduced through: google.golang.org/protobuf/internal/encoding/json@v1.28.1 - From: google.golang.org/protobuf/internal/encoding/json@v1.28.1 - Fixed in: 1.33.0 - -✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 - Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 - From: google.golang.org/protobuf/encoding/protojson@v1.28.1 - Fixed in: 1.32.0 - -✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson - Description: Infinite loop - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 - Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 - From: google.golang.org/protobuf/encoding/protojson@v1.28.1 - Fixed in: 1.33.0 - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.4.0 - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/crypto/ssh - Description: Authentication Bypass by Capture-replay - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 - Introduced through: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d - From: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in github.com/prometheus/exporter-toolkit/web - Description: Incorrect Implementation of Authentication Algorithm - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSEXPORTERTOOLKITWEB-3150818 - Introduced through: github.com/prometheus/exporter-toolkit/web@v0.7.1 - From: github.com/prometheus/exporter-toolkit/web@v0.7.1 - Fixed in: 0.7.2, 0.8.2 - -✗ Medium severity vulnerability found in github.com/go-git/go-git/v5/plumbing - Description: Uncontrolled Resource Consumption ('Resource Exhaustion') - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-6140319 - Introduced through: github.com/go-git/go-git/v5/plumbing@v5.4.2 - From: github.com/go-git/go-git/v5/plumbing@v5.4.2 - Fixed in: 5.11.0 - -✗ High severity vulnerability found in google.golang.org/grpc - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 - Introduced through: google.golang.org/grpc@v1.45.0 - From: google.golang.org/grpc@v1.45.0 - Fixed in: 1.56.3, 1.57.1, 1.58.3 - -✗ High severity vulnerability found in golang.org/x/net/http2/hpack - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2HPACK-3358253 - Introduced through: golang.org/x/net/http2/hpack@v0.1.0 - From: golang.org/x/net/http2/hpack@v0.1.0 - Fixed in: 0.7.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.7.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.23.0 - -✗ High severity vulnerability found in github.com/mattn/go-sqlite3 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMATTNGOSQLITE3-6139875 - Introduced through: github.com/mattn/go-sqlite3@v1.14.16 - From: github.com/mattn/go-sqlite3@v1.14.16 - Fixed in: 1.14.18 - -✗ High severity vulnerability found in github.com/elazarl/goproxy - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247 - Introduced through: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac - From: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac - -✗ Critical severity vulnerability found in github.com/go-git/go-git/v5 - Description: Path Traversal - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5-6150754 - Introduced through: github.com/go-git/go-git/v5@v5.4.2 - From: github.com/go-git/go-git/v5@v5.4.2 - Fixed in: 5.11.0 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /usr/share/grafana/bin/grafana-cli -Project name: github.com/grafana/grafana -Docker image: grafana/grafana:9.3.0 -Licenses: enabled - -Tested 747 dependencies for known issues, found 16 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test grafana/grafana:9.3.0 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing grafana/grafana:9.3.0... - -✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json - Description: Infinite loop - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 - Introduced through: google.golang.org/protobuf/internal/encoding/json@v1.28.1 - From: google.golang.org/protobuf/internal/encoding/json@v1.28.1 - Fixed in: 1.33.0 - -✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 - Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 - From: google.golang.org/protobuf/encoding/protojson@v1.28.1 - Fixed in: 1.32.0 - -✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson - Description: Infinite loop - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 - Introduced through: google.golang.org/protobuf/encoding/protojson@v1.28.1 - From: google.golang.org/protobuf/encoding/protojson@v1.28.1 - Fixed in: 1.33.0 - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3160322 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.4.0 - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/crypto/ssh - Description: Authentication Bypass by Capture-replay - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 - Introduced through: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d - From: golang.org/x/crypto/ssh@v0.0.0-20220622213112-05595931fe9d - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/crypto/openpgp/clearsign - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOOPENPGPCLEARSIGN-5813980 - Introduced through: golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220622213112-05595931fe9d - From: golang.org/x/crypto/openpgp/clearsign@v0.0.0-20220622213112-05595931fe9d - Fixed in: 0.1.0 - -✗ Medium severity vulnerability found in github.com/ua-parser/uap-go/uaparser - Description: Regular Expression Denial of Service (ReDoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUAPARSERUAPGOUAPARSER-1298048 - Introduced through: github.com/ua-parser/uap-go/uaparser@v0.0.0-20211112212520-00c877edfe0f - From: github.com/ua-parser/uap-go/uaparser@v0.0.0-20211112212520-00c877edfe0f - -✗ Medium severity vulnerability found in github.com/prometheus/exporter-toolkit/web - Description: Incorrect Implementation of Authentication Algorithm - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPROMETHEUSEXPORTERTOOLKITWEB-3150818 - Introduced through: github.com/prometheus/exporter-toolkit/web@v0.7.1 - From: github.com/prometheus/exporter-toolkit/web@v0.7.1 - Fixed in: 0.7.2, 0.8.2 - -✗ Medium severity vulnerability found in github.com/go-git/go-git/v5/plumbing - Description: Uncontrolled Resource Consumption ('Resource Exhaustion') - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-6140319 - Introduced through: github.com/go-git/go-git/v5/plumbing@v5.4.2 - From: github.com/go-git/go-git/v5/plumbing@v5.4.2 - Fixed in: 5.11.0 - -✗ High severity vulnerability found in google.golang.org/grpc - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 - Introduced through: google.golang.org/grpc@v1.45.0 - From: google.golang.org/grpc@v1.45.0 - Fixed in: 1.56.3, 1.57.1, 1.58.3 - -✗ High severity vulnerability found in golang.org/x/net/http2/hpack - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2HPACK-3358253 - Introduced through: golang.org/x/net/http2/hpack@v0.1.0 - From: golang.org/x/net/http2/hpack@v0.1.0 - Fixed in: 0.7.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-3323837 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.7.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 - Introduced through: golang.org/x/net/http2@v0.1.0 - From: golang.org/x/net/http2@v0.1.0 - Fixed in: 0.23.0 - -✗ High severity vulnerability found in github.com/mattn/go-sqlite3 - Description: Heap-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMATTNGOSQLITE3-6139875 - Introduced through: github.com/mattn/go-sqlite3@v1.14.16 - From: github.com/mattn/go-sqlite3@v1.14.16 - Fixed in: 1.14.18 - -✗ High severity vulnerability found in github.com/elazarl/goproxy - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMELAZARLGOPROXY-5783247 - Introduced through: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac - From: github.com/elazarl/goproxy@v0.0.0-20220115173737-adb46da277ac - -✗ Critical severity vulnerability found in github.com/go-git/go-git/v5 - Description: Path Traversal - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5-6150754 - Introduced through: github.com/go-git/go-git/v5@v5.4.2 - From: github.com/go-git/go-git/v5@v5.4.2 - Fixed in: 5.11.0 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /usr/share/grafana/bin/grafana-server -Project name: github.com/grafana/grafana -Docker image: grafana/grafana:9.3.0 -Licenses: enabled - -Tested 910 dependencies for known issues, found 18 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test grafana/grafana:9.3.0 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - - -Tested 3 projects, 3 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/mongo-express_1.0.2-20.md b/Snyk/scan_results/mongo-express_1.0.2-20.md deleted file mode 100644 index 40f6cf5..0000000 --- a/Snyk/scan_results/mongo-express_1.0.2-20.md +++ /dev/null @@ -1,237 +0,0 @@ -**Scanning mongo-express:1.0.2-20** -``` - -Testing mongo-express:1.0.2-20... - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6593964 - Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 - From: openssl/libcrypto3@3.1.4-r5 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 - From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 - and 4 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 3.1.4-r6 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-4603 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6928857 - Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 - From: openssl/libcrypto3@3.1.4-r5 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 - From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 - and 4 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 3.1.5-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413525 - Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 - From: openssl/libcrypto3@3.1.4-r5 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 - From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 - and 4 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 3.1.6-r0 - -✗ Low severity vulnerability found in openssl/libcrypto3 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-OPENSSL-7413536 - Introduced through: openssl/libcrypto3@3.1.4-r5, apk-tools/apk-tools@2.14.0-r2, busybox/ssl_client@1.36.1-r5, openssl/libssl3@3.1.4-r5 - From: openssl/libcrypto3@3.1.4-r5 - From: apk-tools/apk-tools@2.14.0-r2 > openssl/libcrypto3@3.1.4-r5 - From: busybox/ssl_client@1.36.1-r5 > openssl/libcrypto3@3.1.4-r5 - and 4 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 3.1.6-r0 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-6913411 - Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 - From: busybox/busybox@1.36.1-r5 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 - From: busybox/busybox-binsh@1.36.1-r5 - and 3 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 1.36.1-r6 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249236 - Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 - From: busybox/busybox@1.36.1-r5 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 - From: busybox/busybox-binsh@1.36.1-r5 - and 3 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 1.36.1-r7 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249265 - Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 - From: busybox/busybox@1.36.1-r5 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 - From: busybox/busybox-binsh@1.36.1-r5 - and 3 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 1.36.1-r7 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE318-BUSYBOX-7249419 - Introduced through: busybox/busybox@1.36.1-r5, alpine-baselayout/alpine-baselayout@3.4.3-r1, busybox/busybox-binsh@1.36.1-r5, bash/bash@5.2.15-r5, busybox/ssl_client@1.36.1-r5 - From: busybox/busybox@1.36.1-r5 - From: alpine-baselayout/alpine-baselayout@3.4.3-r1 > busybox/busybox-binsh@1.36.1-r5 > busybox/busybox@1.36.1-r5 - From: busybox/busybox-binsh@1.36.1-r5 - and 3 more... - Image layer: 'apk add --no-cache bash tini' - Fixed in: 1.36.1-r7 - ------------- Detected 5 vulnerabilities for node@20.13.1 ------------ - - -✗ Low severity vulnerability found in node - Description: Authorization Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430907 - Introduced through: node@20.13.1 - From: node@20.13.1 - Image layer: Introduced by your base image (alpine:3.18.6) - Fixed in: 20.15.1, 22.4.1 - -✗ Low severity vulnerability found in node - Description: Authorization Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430909 - Introduced through: node@20.13.1 - From: node@20.13.1 - Image layer: Introduced by your base image (alpine:3.18.6) - Fixed in: 20.15.1, 22.4.1 - -✗ Low severity vulnerability found in node - Description: Improper Handling of Values - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430912 - Introduced through: node@20.13.1 - From: node@20.13.1 - Image layer: Introduced by your base image (alpine:3.18.6) - Fixed in: 20.15.1, 22.4.1 - -✗ Medium severity vulnerability found in node - Description: Improper Control of Generation of Code ('Code Injection') - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430900 - Introduced through: node@20.13.1 - From: node@20.13.1 - Image layer: Introduced by your base image (alpine:3.18.6) - Fixed in: 20.15.1 - -✗ Medium severity vulnerability found in node - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-UPSTREAM-NODE-7430905 - Introduced through: node@20.13.1 - From: node@20.13.1 - Image layer: Introduced by your base image (alpine:3.18.6) - Fixed in: 20.15.1 - -Organization: bhavdeep1304 -Package manager: apk -Project name: docker-image|mongo-express -Docker image: mongo-express:1.0.2-20 -Platform: linux/amd64 -Base image: alpine:3.18.6 -Licenses: enabled - -Tested 22 dependencies for known issues, found 13 issues. - -Base Image Vulnerabilities Severity -alpine:3.18.6 8 0 critical, 0 high, 4 medium, 4 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -alpine:3 1 0 critical, 0 high, 0 medium, 1 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - -------------------------------------------------------- - -Testing mongo-express:1.0.2-20... - -Tested 391 dependencies for known issues, found 14 issues. - - -Issues to fix by upgrading: - - Upgrade express@4.18.2 to express@4.19.2 to fix - ✗ Open Redirect [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-EXPRESS-6474509] in express@4.18.2 - introduced by express@4.18.2 - - Upgrade mongodb@4.13.0 to mongodb@4.17.0 to fix - ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-MONGODB-5871303] in mongodb@4.13.0 - introduced by mongodb@4.13.0 - - Upgrade mongodb-query-parser@2.4.6 to mongodb-query-parser@2.4.7 to fix - ✗ Regular Expression Denial of Service (ReDoS) (new) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-ASYNC-7414156] in async@3.2.4 - introduced by mongodb-query-parser@2.4.6 > mongodb-extended-json@1.11.0 > async@3.2.4 - - -Issues with no direct upgrade or patch: - ✗ Incomplete List of Disallowed Inputs [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462] in @babel/traverse@7.19.6 - introduced by nyc@15.1.0 > istanbul-lib-instrument@4.0.3 > @babel/core@7.19.6 > @babel/traverse@7.19.6 and 2 other path(s) - This issue was fixed in versions: 7.23.2, 8.0.0-alpha.4 - ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ES5EXT-6095076] in es5-ext@0.10.62 - introduced by cli-color@2.0.3 > es5-ext@0.10.62 and 91 other path(s) - This issue was fixed in versions: 0.10.63 - ✗ Arbitrary File Upload [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-2635697] in express-fileupload@1.4.0 - introduced by express-fileupload@1.4.0 - No upgrade or patch available - ✗ Arbitrary File Upload [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-EXPRESSFILEUPLOAD-2635946] in express-fileupload@1.4.0 - introduced by express-fileupload@1.4.0 - No upgrade or patch available - ✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-3325616] in fast-xml-parser@4.0.11 - introduced by mongodb@4.13.0 > @aws-sdk/credential-providers@3.204.0 > @aws-sdk/client-sts@3.204.0 > fast-xml-parser@4.0.11 and 2 other path(s) - This issue was fixed in versions: 4.1.2 - ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-FASTXMLPARSER-5668858] in fast-xml-parser@4.0.11 - introduced by mongodb@4.13.0 > @aws-sdk/credential-providers@3.204.0 > @aws-sdk/client-sts@3.204.0 > fast-xml-parser@4.0.11 and 2 other path(s) - This issue was fixed in versions: 4.2.4 - ✗ Missing Release of Resource after Effective Lifetime [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-INFLIGHT-6095116] in inflight@1.0.6 - introduced by nyc@15.1.0 > glob@7.2.3 > inflight@1.0.6 and 4 other path(s) - No upgrade or patch available - ✗ Server-side Request Forgery (SSRF) [High Severity][https://security.snyk.io/vuln/SNYK-JS-IP-6240864] in ip@2.0.0 - introduced by mongodb@4.13.0 > socks@2.7.1 > ip@2.0.0 - This issue was fixed in versions: 1.1.9, 2.0.1 - ✗ Server-Side Request Forgery (SSRF) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-IP-7148531] in ip@2.0.0 - introduced by mongodb@4.13.0 > socks@2.7.1 > ip@2.0.0 - No upgrade or patch available - ✗ Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-JSON5-3182856] in json5@2.2.1 - introduced by nyc@15.1.0 > istanbul-lib-instrument@4.0.3 > @babel/core@7.19.6 > json5@2.2.1 - This issue was fixed in versions: 1.0.2, 2.2.2 - ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795] in semver@6.3.0 - introduced by nyc@15.1.0 > make-dir@3.1.0 > semver@6.3.0 and 8 other path(s) - This issue was fixed in versions: 5.7.2, 6.3.1, 7.5.2 - - - -Organization: bhavdeep1304 -Package manager: yarn -Target file: /app/package.json -Project name: mongo-express -Docker image: mongo-express:1.0.2-20 -Licenses: enabled - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test mongo-express:1.0.2-20 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - - -Tested 2 projects, 2 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/mongo_4.4.md b/Snyk/scan_results/mongo_4.4.md deleted file mode 100644 index 09fb69a..0000000 --- a/Snyk/scan_results/mongo_4.4.md +++ /dev/null @@ -1,229 +0,0 @@ -**Scanning mongo:4.4** -``` - -Testing mongo:4.4... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-26604 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-3339226 - Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, systemd/libudev1@245.4-4ubuntu3.23 - From: systemd/libsystemd0@245.4-4ubuntu3.23 - From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 - From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 - and 6 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-7008 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-6137854 - Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, systemd/libudev1@245.4-4ubuntu3.23 - From: systemd/libsystemd0@245.4-4ubuntu3.23 - From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 - From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 - and 6 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-5425687 - Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.5, util-linux/mount@2.34-0.1ubuntu9.6 - From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 - From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 - From: shadow/login@1:4.8.1-1ubuntu5.20.04.5 - and 1 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-577863 - Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.5, util-linux/mount@2.34-0.1ubuntu9.6 - From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 - From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.5 - From: shadow/login@1:4.8.1-1ubuntu5.20.04.5 - and 1 more... - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE3-580031 - Introduced through: pcre3/libpcre3@2:8.39-12ubuntu0.1, grep@3.4-1 - From: pcre3/libpcre3@2:8.39-12ubuntu0.1 - From: grep@3.4-1 > pcre3/libpcre3@2:8.39-12ubuntu0.1 - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-6592107 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@4.4.29 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 - From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.22 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-mongos@4.4.29 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 - and 6 more... - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-7151336 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@4.4.29 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 - From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.22 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-mongos@4.4.29 > openssl/libssl1.1@1.1.1f-1ubuntu2.22 - and 6 more... - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6123866 - Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 - From: ncurses/libtinfo6@6.2-0ubuntu2.1 - From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 - From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 - and 12 more... - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6253014 - Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.6, util-linux/mount@2.34-0.1ubuntu9.6, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 - From: ncurses/libtinfo6@6.2-0ubuntu2.1 - From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 - From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 - and 12 more... - -✗ Low severity vulnerability found in krb5/krb5-locales - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-579303 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - and 10 more... - -✗ Low severity vulnerability found in krb5/krb5-locales - Description: CVE-2024-26461 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281066 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - and 10 more... - -✗ Low severity vulnerability found in krb5/krb5-locales - Description: CVE-2024-26458 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281078 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - and 10 more... - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUPG2-3035407 - Introduced through: gnupg2/gpgv@2.2.19-3ubuntu2.2, apt@2.0.10 - From: gnupg2/gpgv@2.2.19-3ubuntu2.2 - From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-1297554 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 - From: glibc/libc-bin@2.31-0ubuntu9.15 - From: glibc/libc6@2.31-0ubuntu9.15 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-2415100 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 - From: glibc/libc-bin@2.31-0ubuntu9.15 - From: glibc/libc6@2.31-0ubuntu9.15 - -✗ Low severity vulnerability found in coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-COREUTILS-583876 - Introduced through: coreutils@8.30-3ubuntu2 - From: coreutils@8.30-3ubuntu2 - -✗ Medium severity vulnerability found in xz-utils/liblzma5 - Description: CVE-2020-22916 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-XZUTILS-5854646 - Introduced through: xz-utils/liblzma5@5.2.4-1ubuntu1.1 - From: xz-utils/liblzma5@5.2.4-1ubuntu1.1 - -✗ Medium severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-LIBGCRYPT20-6411449 - Introduced through: libgcrypt20@1.8.5-5ubuntu1.1, apt@2.0.10 - From: libgcrypt20@1.8.5-5ubuntu1.1 - From: apt@2.0.10 > apt/libapt-pkg6.0@2.0.10 > libgcrypt20@1.8.5-5ubuntu1.1 - From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 > libgcrypt20@1.8.5-5ubuntu1.1 - and 1 more... - -✗ Medium severity vulnerability found in krb5/krb5-locales - Description: CVE-2024-26462 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281072 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, mongodb-org@4.4.29 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-tools@4.4.29 > mongodb-database-tools@100.9.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@4.4.29 > mongodb-org/mongodb-org-shell@4.4.29 > curl/libcurl4@7.68.0-1ubuntu2.22 > krb5/libgssapi-krb5-2@1.17-6ubuntu4.4 > krb5/libkrb5support0@1.17-6ubuntu4.4 - and 10 more... - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33600 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674185 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 - From: glibc/libc-bin@2.31-0ubuntu9.15 - From: glibc/libc6@2.31-0ubuntu9.15 - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33599 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674200 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 - From: glibc/libc-bin@2.31-0ubuntu9.15 - From: glibc/libc6@2.31-0ubuntu9.15 - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33601 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674209 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 - From: glibc/libc-bin@2.31-0ubuntu9.15 - From: glibc/libc6@2.31-0ubuntu9.15 - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33602 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674218 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.15, glibc/libc6@2.31-0ubuntu9.15 - From: glibc/libc-bin@2.31-0ubuntu9.15 - From: glibc/libc6@2.31-0ubuntu9.15 - Fixed in: 2.31-0ubuntu9.16 - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|mongo -Docker image: mongo:4.4 -Platform: linux/amd64 -Licenses: enabled - -Tested 136 dependencies for known issues, found 23 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test mongo:4.4 --file=path/to/Dockerfile - -To remove this message in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing mongo:4.4... - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /usr/local/bin/gosu -Project name: github.com/tianon/gosu -Docker image: mongo:4.4 -Licenses: enabled - -✔ Tested 2 dependencies for known issues, no vulnerable paths found. - - -Tested 2 projects, 1 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/mongo_5.0.24.md b/Snyk/scan_results/mongo_5.0.24.md deleted file mode 100644 index 8cfcf32..0000000 --- a/Snyk/scan_results/mongo_5.0.24.md +++ /dev/null @@ -1,327 +0,0 @@ -**Scanning mongo:5.0.24** -``` - -Testing mongo:5.0.24... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-26604 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-3339226 - Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, systemd/libudev1@245.4-4ubuntu3.23 - From: systemd/libsystemd0@245.4-4ubuntu3.23 - From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 - From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 - and 6 more... - Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-7008 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SYSTEMD-6137854 - Introduced through: systemd/libsystemd0@245.4-4ubuntu3.23, apt@2.0.10, procps/libprocps8@2:3.3.16-1ubuntu2.4, util-linux/bsdutils@1:2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, systemd/libudev1@245.4-4ubuntu3.23 - From: systemd/libsystemd0@245.4-4ubuntu3.23 - From: apt@2.0.10 > systemd/libsystemd0@245.4-4ubuntu3.23 - From: procps/libprocps8@2:3.3.16-1ubuntu2.4 > systemd/libsystemd0@245.4-4ubuntu3.23 - and 6 more... - Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-5425687 - Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.4, util-linux/mount@2.34-0.1ubuntu9.4 - From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 - From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 - From: shadow/login@1:4.8.1-1ubuntu5.20.04.4 - and 1 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in shadow/passwd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-577863 - Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.4, util-linux/mount@2.34-0.1ubuntu9.4 - From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 - From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 - From: shadow/login@1:4.8.1-1ubuntu5.20.04.4 - and 1 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-SHADOW-5879186 - Introduced through: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4, adduser@3.118ubuntu2, shadow/login@1:4.8.1-1ubuntu5.20.04.4, util-linux/mount@2.34-0.1ubuntu9.4 - From: shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 - From: adduser@3.118ubuntu2 > shadow/passwd@1:4.8.1-1ubuntu5.20.04.4 - From: shadow/login@1:4.8.1-1ubuntu5.20.04.4 - and 1 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 1:4.8.1-1ubuntu5.20.04.5 - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-PCRE3-580031 - Introduced through: pcre3/libpcre3@2:8.39-12ubuntu0.1, grep@3.4-1 - From: pcre3/libpcre3@2:8.39-12ubuntu0.1 - From: grep@3.4-1 > pcre3/libpcre3@2:8.39-12ubuntu0.1 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-6592107 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@5.0.24 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 - From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.21 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-mongos@5.0.24 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 - and 6 more... - Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-OPENSSL-7151336 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1, ca-certificates@20230311ubuntu0.20.04.1, mongodb-org@5.0.24 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2ubuntu0.1 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 - From: ca-certificates@20230311ubuntu0.20.04.1 > openssl@1.1.1f-1ubuntu2.21 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-mongos@5.0.24 > openssl/libssl1.1@1.1.1f-1ubuntu2.21 - and 6 more... - Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6123866 - Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 - From: ncurses/libtinfo6@6.2-0ubuntu2.1 - From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 - From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 - and 12 more... - Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NCURSES-6253014 - Introduced through: ncurses/libtinfo6@6.2-0ubuntu2.1, bash@5.0-6ubuntu1.2, ncurses/libncurses6@6.2-0ubuntu2.1, ncurses/ncurses-bin@6.2-0ubuntu2.1, procps@2:3.3.16-1ubuntu2.4, util-linux/fdisk@2.34-0.1ubuntu9.4, util-linux/mount@2.34-0.1ubuntu9.4, ncurses/libncursesw6@6.2-0ubuntu2.1, ncurses/ncurses-base@6.2-0ubuntu2.1 - From: ncurses/libtinfo6@6.2-0ubuntu2.1 - From: bash@5.0-6ubuntu1.2 > ncurses/libtinfo6@6.2-0ubuntu2.1 - From: ncurses/libncurses6@6.2-0ubuntu2.1 > ncurses/libtinfo6@6.2-0ubuntu2.1 - and 12 more... - Image layer: 'apt-get install -y --no-install-recommends ca-certificates jq numactl procps' - -✗ Low severity vulnerability found in krb5/krb5-locales - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-579303 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 - and 7 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in krb5/krb5-locales - Description: CVE-2024-26461 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281066 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 - and 7 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in krb5/krb5-locales - Description: CVE-2024-26458 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281078 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 - and 7 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUPG2-3035407 - Introduced through: gnupg2/gpgv@2.2.19-3ubuntu2.2, apt@2.0.10 - From: gnupg2/gpgv@2.2.19-3ubuntu2.2 - From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-1297554 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-2415100 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Low severity vulnerability found in coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-COREUTILS-583876 - Introduced through: coreutils@8.30-3ubuntu2 - From: coreutils@8.30-3ubuntu2 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Medium severity vulnerability found in xz-utils/liblzma5 - Description: CVE-2020-22916 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-XZUTILS-5854646 - Introduced through: xz-utils/liblzma5@5.2.4-1ubuntu1.1 - From: xz-utils/liblzma5@5.2.4-1ubuntu1.1 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Medium severity vulnerability found in util-linux/libblkid1 - Description: CVE-2024-28085 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-UTILLINUX-6508371 - Introduced through: util-linux/libblkid1@2.34-0.1ubuntu9.4, e2fsprogs@1.45.5-2ubuntu1.1, util-linux/mount@2.34-0.1ubuntu9.4, util-linux/fdisk@2.34-0.1ubuntu9.4, util-linux/libuuid1@2.34-0.1ubuntu9.4, util-linux@2.34-0.1ubuntu9.4, sysvinit/sysvinit-utils@2.96-2.1ubuntu1, util-linux/bsdutils@1:2.34-0.1ubuntu9.4, util-linux/libfdisk1@2.34-0.1ubuntu9.4, util-linux/libmount1@2.34-0.1ubuntu9.4, util-linux/libsmartcols1@2.34-0.1ubuntu9.4 - From: util-linux/libblkid1@2.34-0.1ubuntu9.4 - From: e2fsprogs@1.45.5-2ubuntu1.1 > util-linux/libblkid1@2.34-0.1ubuntu9.4 - From: util-linux/mount@2.34-0.1ubuntu9.4 > util-linux/libblkid1@2.34-0.1ubuntu9.4 - and 23 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 2.34-0.1ubuntu9.5 - -✗ Medium severity vulnerability found in nghttp2/libnghttp2-14 - Description: CVE-2024-28182 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-NGHTTP2-6553931 - Introduced through: mongodb-org@5.0.24 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-shell@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 > nghttp2/libnghttp2-14@1.40.0-1ubuntu0.2 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 1.40.0-1ubuntu0.3 - -✗ Medium severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-LIBGCRYPT20-6411449 - Introduced through: libgcrypt20@1.8.5-5ubuntu1.1, apt@2.0.10 - From: libgcrypt20@1.8.5-5ubuntu1.1 - From: apt@2.0.10 > apt/libapt-pkg6.0@2.0.10 > libgcrypt20@1.8.5-5ubuntu1.1 - From: apt@2.0.10 > gnupg2/gpgv@2.2.19-3ubuntu2.2 > libgcrypt20@1.8.5-5ubuntu1.1 - and 1 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Medium severity vulnerability found in krb5/krb5-locales - Description: CVE-2024-26462 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-KRB5-6281072 - Introduced through: krb5/krb5-locales@1.17-6ubuntu4.4, krb5/libkrb5support0@1.17-6ubuntu4.4, mongodb-org@5.0.24 - From: krb5/krb5-locales@1.17-6ubuntu4.4 - From: krb5/libkrb5support0@1.17-6ubuntu4.4 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-tools@5.0.24 > mongodb-database-tools@100.9.4 > krb5/libk5crypto3@1.17-6ubuntu4.4 - and 7 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - -✗ Medium severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GNUTLS28-6481604 - Introduced through: gnutls28/libgnutls30@3.6.13-2ubuntu1.10, apt@2.0.10, mongodb-org@5.0.24 - From: gnutls28/libgnutls30@3.6.13-2ubuntu1.10 - From: apt@2.0.10 > gnutls28/libgnutls30@3.6.13-2ubuntu1.10 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-shell@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 > openldap/libldap-2.4-2@2.4.49+dfsg-2ubuntu1.10 > gnutls28/libgnutls30@3.6.13-2ubuntu1.10 - and 1 more... - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 3.6.13-2ubuntu1.11 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-2961 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6663150 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 2.31-0ubuntu9.15 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33600 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674185 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33599 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674200 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33601 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674209 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33602 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-GLIBC-6674218 - Introduced through: glibc/libc-bin@2.31-0ubuntu9.14, glibc/libc6@2.31-0ubuntu9.14 - From: glibc/libc-bin@2.31-0ubuntu9.14 - From: glibc/libc6@2.31-0ubuntu9.14 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 2.31-0ubuntu9.16 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2398 - Info: https://security.snyk.io/vuln/SNYK-UBUNTU2004-CURL-6507270 - Introduced through: mongodb-org@5.0.24 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-mongos@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-server@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 - From: mongodb-org@5.0.24 > mongodb-org/mongodb-org-database@5.0.24 > mongodb-org/mongodb-org-shell@5.0.24 > curl/libcurl4@7.68.0-1ubuntu2.21 - Image layer: Introduced by your base image (mongo:5.0.24-focal) - Fixed in: 7.68.0-1ubuntu2.22 - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|mongo -Docker image: mongo:5.0.24 -Platform: linux/amd64 -Base image: mongo:5.0.24-focal -Licenses: enabled - -Tested 138 dependencies for known issues, found 29 issues. - -Base Image Vulnerabilities Severity -mongo:5.0.24-focal 29 0 critical, 0 high, 12 medium, 17 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -mongo:5.0.26-focal 19 0 critical, 0 high, 3 medium, 16 low - -Alternative image types -Base Image Vulnerabilities Severity -mongo:8.0.0-rc9 19 0 critical, 0 high, 3 medium, 16 low -mongo:8.0.0-rc9-jammy 19 0 critical, 0 high, 3 medium, 16 low -mongo:5.0.27-rc0-focal 19 0 critical, 0 high, 3 medium, 16 low -mongo:5.0.27-rc0 19 0 critical, 0 high, 3 medium, 16 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - -------------------------------------------------------- - -Testing mongo:5.0.24... - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /usr/local/bin/gosu -Project name: github.com/tianon/gosu -Docker image: mongo:5.0.24 -Licenses: enabled - -✔ Tested 2 dependencies for known issues, no vulnerable paths found. - - -Tested 2 projects, 1 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/orchestracities_quantumleap_0.8.3.md b/Snyk/scan_results/orchestracities_quantumleap_0.8.3.md deleted file mode 100644 index 9b8b953..0000000 --- a/Snyk/scan_results/orchestracities_quantumleap_0.8.3.md +++ /dev/null @@ -1,595 +0,0 @@ -**Scanning orchestracities/quantumleap:0.8.3** -``` - -Testing orchestracities/quantumleap:0.8.3... - -✗ Low severity vulnerability found in openssl/libcrypto1.1 - Description: Inadequate Encryption Strength - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1075736 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1j-r0 - -✗ Low severity vulnerability found in busybox/busybox - Description: ALPINE-13661 - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-2606933 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r22 - -✗ Medium severity vulnerability found in util-linux/libuuid - Description: Files or Directories Accessible to External Parties - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-UTILLINUX-2393736 - Introduced through: util-linux/libuuid@2.35.2-r0, .python-rundeps@20200804.041307 - From: util-linux/libuuid@2.35.2-r0 - From: .python-rundeps@20200804.041307 > util-linux/libuuid@2.35.2-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.37.3-r0 - -✗ Medium severity vulnerability found in util-linux/libuuid - Description: Files or Directories Accessible to External Parties - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-UTILLINUX-2393737 - Introduced through: util-linux/libuuid@2.35.2-r0, .python-rundeps@20200804.041307 - From: util-linux/libuuid@2.35.2-r0 - From: .python-rundeps@20200804.041307 > util-linux/libuuid@2.35.2-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.37.3-r0 - -✗ Medium severity vulnerability found in util-linux/libuuid - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-UTILLINUX-2401803 - Introduced through: util-linux/libuuid@2.35.2-r0, .python-rundeps@20200804.041307 - From: util-linux/libuuid@2.35.2-r0 - From: .python-rundeps@20200804.041307 > util-linux/libuuid@2.35.2-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.37.4-r0 - -✗ Medium severity vulnerability found in sqlite/sqlite-libs - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-SQLITE-1300270 - Introduced through: sqlite/sqlite-libs@3.32.1-r0, .python-rundeps@20200804.041307 - From: sqlite/sqlite-libs@3.32.1-r0 - From: .python-rundeps@20200804.041307 > sqlite/sqlite-libs@3.32.1-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 3.32.1-r1 - -✗ Medium severity vulnerability found in sqlite/sqlite-libs - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-SQLITE-1300271 - Introduced through: sqlite/sqlite-libs@3.32.1-r0, .python-rundeps@20200804.041307 - From: sqlite/sqlite-libs@3.32.1-r0 - From: .python-rundeps@20200804.041307 > sqlite/sqlite-libs@3.32.1-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 3.32.1-r1 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1050745 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1i-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1075734 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1j-r0 - -✗ Medium severity vulnerability found in openssl/libcrypto1.1 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1089237 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1k-r0 - -✗ Medium severity vulnerability found in musl/musl-utils - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-MUSL-1042762 - Introduced through: musl/musl-utils@1.1.24-r8, libc-dev/libc-utils@0.7.2-r3, musl/musl@1.1.24-r9 - From: musl/musl-utils@1.1.24-r8 - From: libc-dev/libc-utils@0.7.2-r3 > musl/musl-utils@1.1.24-r8 - From: musl/musl@1.1.24-r9 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.1.24-r10 - -✗ Medium severity vulnerability found in krb5/krb5-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-KRB5-2432004 - Introduced through: krb5/krb5-libs@1.18.2-r0, krb5-conf/krb5-conf@1.0-r2, libtirpc/libtirpc@1.2.6-r0 - From: krb5/krb5-libs@1.18.2-r0 - From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.18.2-r0 - From: libtirpc/libtirpc@1.2.6-r0 > krb5/krb5-libs@1.18.2-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.18.5-r0 - -✗ Medium severity vulnerability found in expat/expat - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407751 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r2 - -✗ Medium severity vulnerability found in curl/libcurl - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804930 - Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 - From: curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 - Image layer: 'apk --no-cache add curl' - Fixed in: 7.79.1-r1 - -✗ Medium severity vulnerability found in curl/libcurl - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804936 - Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 - From: curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 - Image layer: 'apk --no-cache add curl' - Fixed in: 7.79.1-r1 - -✗ Medium severity vulnerability found in busybox/busybox - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920717 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in zlib/zlib - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-ZLIB-2434421 - Introduced through: zlib/zlib@1.2.11-r3, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 - From: zlib/zlib@1.2.11-r3 - From: .python-rundeps@20200804.041307 > zlib/zlib@1.2.11-r3 - From: apk-tools/apk-tools@2.10.5-r1 > zlib/zlib@1.2.11-r3 - and 2 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.2.12-r0 - -✗ High severity vulnerability found in xz/xz-libs - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-XZ-2445105 - Introduced through: xz/xz-libs@5.2.5-r0, .python-rundeps@20200804.041307 - From: xz/xz-libs@5.2.5-r0 - From: .python-rundeps@20200804.041307 > xz/xz-libs@5.2.5-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 5.2.5-r1 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1075735 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1j-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1089238 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1k-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1569450 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1l-r0 - -✗ High severity vulnerability found in openssl/libcrypto1.1 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-2426332 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1n-r0 - -✗ High severity vulnerability found in ncurses/ncurses-libs - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-NCURSES-2313024 - Introduced through: ncurses/ncurses-libs@6.2_p20200523-r0, readline/readline@8.0.4-r0, .python-rundeps@20200804.041307, ncurses/ncurses-terminfo-base@6.2_p20200523-r0 - From: ncurses/ncurses-libs@6.2_p20200523-r0 - From: readline/readline@8.0.4-r0 > ncurses/ncurses-libs@6.2_p20200523-r0 - From: .python-rundeps@20200804.041307 > ncurses/ncurses-libs@6.2_p20200523-r0 - and 2 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 6.2_p20200523-r1 - -✗ High severity vulnerability found in krb5/krb5-libs - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-KRB5-1043934 - Introduced through: krb5/krb5-libs@1.18.2-r0, krb5-conf/krb5-conf@1.0-r2, libtirpc/libtirpc@1.2.6-r0 - From: krb5/krb5-libs@1.18.2-r0 - From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.18.2-r0 - From: libtirpc/libtirpc@1.2.6-r0 > krb5/krb5-libs@1.18.2-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.18.3-r0 - -✗ High severity vulnerability found in krb5/krb5-libs - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-KRB5-1533463 - Introduced through: krb5/krb5-libs@1.18.2-r0, krb5-conf/krb5-conf@1.0-r2, libtirpc/libtirpc@1.2.6-r0 - From: krb5/krb5-libs@1.18.2-r0 - From: krb5-conf/krb5-conf@1.0-r2 > krb5/krb5-libs@1.18.2-r0 - From: libtirpc/libtirpc@1.2.6-r0 > krb5/krb5-libs@1.18.2-r0 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.18.4-r0 - -✗ High severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342149 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ High severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342151 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ High severity vulnerability found in expat/expat - Description: Incorrect Calculation - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342155 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ High severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342156 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ High severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342159 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ High severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2406623 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r1 - -✗ High severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407745 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r2 - -✗ High severity vulnerability found in curl/libcurl - Description: Missing Authentication for Critical Function - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804929 - Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 - From: curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 - Image layer: 'apk --no-cache add curl' - Fixed in: 7.79.1-r1 - -✗ High severity vulnerability found in curl/libcurl - Description: CVE-2022-27775 - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-CURL-2804935 - Introduced through: curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 - From: curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 > curl/libcurl@7.79.1-r0 - From: curl/curl@7.79.1-r0 - Image layer: 'apk --no-cache add curl' - Fixed in: 7.79.1-r1 - -✗ High severity vulnerability found in busybox/busybox - Description: Improper Handling of Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1089799 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r20 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920710 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920711 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920712 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920729 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920730 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920731 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920739 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920754 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-1920758 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r21 - -✗ High severity vulnerability found in busybox/busybox - Description: CVE-2022-28391 - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-BUSYBOX-2440610 - Introduced through: busybox/busybox@1.31.1-r16, alpine-baselayout/alpine-baselayout@3.2.0-r6, ca-certificates/ca-certificates@20191127-r3, busybox/ssl_client@1.31.1-r16 - From: busybox/busybox@1.31.1-r16 - From: alpine-baselayout/alpine-baselayout@3.2.0-r6 > busybox/busybox@1.31.1-r16 - From: ca-certificates/ca-certificates@20191127-r3 > busybox/busybox@1.31.1-r16 - and 1 more... - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 1.31.1-r22 - -✗ High severity vulnerability found in apk-tools/apk-tools - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1246338 - Introduced through: apk-tools/apk-tools@2.10.5-r1 - From: apk-tools/apk-tools@2.10.5-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.10.6-r0 - -✗ Critical severity vulnerability found in zlib/zlib - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-ZLIB-2977082 - Introduced through: zlib/zlib@1.2.11-r3, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, curl/libcurl@7.79.1-r0, curl/curl@7.79.1-r0 - From: zlib/zlib@1.2.11-r3 - From: .python-rundeps@20200804.041307 > zlib/zlib@1.2.11-r3 - From: apk-tools/apk-tools@2.10.5-r1 > zlib/zlib@1.2.11-r3 - and 2 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.2.12-r2 - -✗ Critical severity vulnerability found in openssl/libcrypto1.1 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-OPENSSL-1569452 - Introduced through: openssl/libcrypto1.1@1.1.1g-r0, openssl/libssl1.1@1.1.1g-r0, .python-rundeps@20200804.041307, apk-tools/apk-tools@2.10.5-r1, libtls-standalone/libtls-standalone@2.9.1-r1, ca-certificates/ca-certificates@20191127-r3, curl/libcurl@7.79.1-r0, krb5-conf/krb5-conf@1.0-r2 - From: openssl/libcrypto1.1@1.1.1g-r0 - From: openssl/libssl1.1@1.1.1g-r0 > openssl/libcrypto1.1@1.1.1g-r0 - From: .python-rundeps@20200804.041307 > openssl/libcrypto1.1@1.1.1g-r0 - and 11 more... - Image layer: 'apk --no-cache add curl' - Fixed in: 1.1.1l-r0 - -✗ Critical severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342150 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ Critical severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342157 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ Critical severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2342158 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r0 - -✗ Critical severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2406624 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r1 - -✗ Critical severity vulnerability found in expat/expat - Description: Exposure of Resource to Wrong Sphere - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407740 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r2 - -✗ Critical severity vulnerability found in expat/expat - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407741 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r2 - -✗ Critical severity vulnerability found in expat/expat - Description: Improper Encoding or Escaping of Output - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-EXPAT-2407742 - Introduced through: expat/expat@2.2.9-r1, .python-rundeps@20200804.041307 - From: expat/expat@2.2.9-r1 - From: .python-rundeps@20200804.041307 > expat/expat@2.2.9-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.2.10-r2 - -✗ Critical severity vulnerability found in apk-tools/apk-tools - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1533753 - Introduced through: apk-tools/apk-tools@2.10.5-r1 - From: apk-tools/apk-tools@2.10.5-r1 - Image layer: Introduced by your base image (python:3.8.5-alpine3.12) - Fixed in: 2.10.7-r0 - - - -Organization: bhavdeep1304 -Package manager: apk -Project name: docker-image|orchestracities/quantumleap -Docker image: orchestracities/quantumleap:0.8.3 -Platform: linux/amd64 -Base image: python:3.8.5-alpine3.12 -Licenses: enabled - -Tested 38 dependencies for known issues, found 56 issues. - -Base Image Vulnerabilities Severity -python:3.8.5-alpine3.12 52 10 critical, 28 high, 12 medium, 2 low - -Recommendations for base image upgrade: - -Alternative image types -Base Image Vulnerabilities Severity -python:3.13.0b2-slim 43 1 critical, 0 high, 0 medium, 42 low -python:3.12.4-slim-bookworm 47 1 critical, 0 high, 0 medium, 46 low -python:3.13.0b2-slim-bullseye 78 1 critical, 1 high, 0 medium, 76 low -python:3.13.0b2-bookworm 197 2 critical, 0 high, 0 medium, 195 low - -Alpine 3.12.0 is no longer supported by the Alpine maintainers. Vulnerability detection may be affected by a lack of security updates. - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -``` diff --git a/Snyk/scan_results/portainer_portainer-ce_2.19.4.md b/Snyk/scan_results/portainer_portainer-ce_2.19.4.md deleted file mode 100644 index be7c0f5..0000000 --- a/Snyk/scan_results/portainer_portainer-ce_2.19.4.md +++ /dev/null @@ -1,320 +0,0 @@ -**Scanning portainer/portainer-ce:2.19.4** -``` - -Testing portainer/portainer-ce:2.19.4... - -Organization: bhavdeep1304 -Package manager: linux -Project name: docker-image|portainer/portainer-ce -Docker image: portainer/portainer-ce:2.19.4 -Platform: linux/amd64 -Licenses: enabled - -✔ Tested portainer/portainer-ce:2.19.4 for known issues, no vulnerable paths found. - -Note that we do not currently have vulnerability data for your image. - -------------------------------------------------------- - -Testing portainer/portainer-ce:2.19.4... - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 - Introduced through: golang.org/x/net/http2@v0.8.0 - From: golang.org/x/net/http2@v0.8.0 - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/crypto/ssh - Description: Authentication Bypass by Capture-replay - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 - Introduced through: golang.org/x/crypto/ssh@v0.7.0 - From: golang.org/x/crypto/ssh@v0.7.0 - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/crypto/acme/autocert - Description: Path Traversal - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOACMEAUTOCERT-7416897 - Introduced through: golang.org/x/crypto/acme/autocert@v0.7.0 - From: golang.org/x/crypto/acme/autocert@v0.7.0 - Fixed in: 0.24.0 - -✗ Medium severity vulnerability found in github.com/go-git/go-git/v5/plumbing - Description: Uncontrolled Resource Consumption ('Resource Exhaustion') - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5PLUMBING-6140319 - Introduced through: github.com/go-git/go-git/v5/plumbing@v5.3.0 - From: github.com/go-git/go-git/v5/plumbing@v5.3.0 - Fixed in: 5.11.0 - -✗ Medium severity vulnerability found in github.com/docker/distribution/registry/api/v2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDOCKERDISTRIBUTIONREGISTRYAPIV2-5885037 - Introduced through: github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible - From: github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible - Fixed in: 2.8.2-beta.1 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 - Introduced through: golang.org/x/net/http2@v0.8.0 - From: golang.org/x/net/http2@v0.8.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 - Introduced through: golang.org/x/net/http2@v0.8.0 - From: golang.org/x/net/http2@v0.8.0 - Fixed in: 0.23.0 - -✗ High severity vulnerability found in github.com/containers/image/v5/docker - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERSIMAGEV5DOCKER-6828757 - Introduced through: github.com/containers/image/v5/docker@v5.25.0 - From: github.com/containers/image/v5/docker@v5.25.0 - Fixed in: 5.30.1 - -✗ Critical severity vulnerability found in github.com/go-git/go-git/v5 - Description: Path Traversal - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOGITGOGITV5-6150754 - Introduced through: github.com/go-git/go-git/v5@v5.3.0 - From: github.com/go-git/go-git/v5@v5.3.0 - Fixed in: 5.11.0 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /portainer -Project name: github.com/portainer/portainer/api -Docker image: portainer/portainer-ce:2.19.4 -Licenses: enabled - -Tested 587 dependencies for known issues, found 9 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing portainer/portainer-ce:2.19.4... - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 - Introduced through: golang.org/x/net/http2@v0.7.0 - From: golang.org/x/net/http2@v0.7.0 - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/net/html - Description: Cross-site Scripting (XSS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTML-5816820 - Introduced through: golang.org/x/net/html@v0.7.0 - From: golang.org/x/net/html@v0.7.0 - Fixed in: 0.13.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 - Introduced through: golang.org/x/net/http2@v0.7.0 - From: golang.org/x/net/http2@v0.7.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 - Introduced through: golang.org/x/net/http2@v0.7.0 - From: golang.org/x/net/http2@v0.7.0 - Fixed in: 0.23.0 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /kubectl -Project name: k8s.io/kubernetes -Docker image: portainer/portainer-ce:2.19.4 -Licenses: enabled - -Tested 230 dependencies for known issues, found 4 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing portainer/portainer-ce:2.19.4... - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 - Introduced through: golang.org/x/net/http2@v0.8.0 - From: golang.org/x/net/http2@v0.8.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 - Introduced through: golang.org/x/net/http2@v0.8.0 - From: golang.org/x/net/http2@v0.8.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 - Introduced through: golang.org/x/net/http2@v0.8.0 - From: golang.org/x/net/http2@v0.8.0 - Fixed in: 0.23.0 - -✗ High severity vulnerability found in github.com/cyphar/filepath-securejoin - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCYPHARFILEPATHSECUREJOIN-5889602 - Introduced through: github.com/cyphar/filepath-securejoin@v0.2.3 - From: github.com/cyphar/filepath-securejoin@v0.2.3 - Fixed in: 0.2.4 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /helm -Project name: helm.sh/helm/v3 -Docker image: portainer/portainer-ce:2.19.4 -Licenses: enabled - -Tested 619 dependencies for known issues, found 4 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing portainer/portainer-ce:2.19.4... - -✗ Medium severity vulnerability found in google.golang.org/protobuf/internal/encoding/json - Description: Infinite loop - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFINTERNALENCODINGJSON-6393704 - Introduced through: google.golang.org/protobuf/internal/encoding/json@v1.30.0 - From: google.golang.org/protobuf/internal/encoding/json@v1.30.0 - Fixed in: 1.33.0 - -✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson - Description: Stack-based Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6137908 - Introduced through: google.golang.org/protobuf/encoding/protojson@v1.30.0 - From: google.golang.org/protobuf/encoding/protojson@v1.30.0 - Fixed in: 1.32.0 - -✗ Medium severity vulnerability found in google.golang.org/protobuf/encoding/protojson - Description: Infinite loop - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGPROTOBUFENCODINGPROTOJSON-6393703 - Introduced through: google.golang.org/protobuf/encoding/protojson@v1.30.0 - From: google.golang.org/protobuf/encoding/protojson@v1.30.0 - Fixed in: 1.33.0 - -✗ Medium severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5958903 - Introduced through: golang.org/x/net/http2@v0.9.0 - From: golang.org/x/net/http2@v0.9.0 - Fixed in: 0.17.0 - -✗ Medium severity vulnerability found in golang.org/x/crypto/ssh - Description: Authentication Bypass by Capture-replay - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXCRYPTOSSH-6130669 - Introduced through: golang.org/x/crypto/ssh@v0.7.0 - From: golang.org/x/crypto/ssh@v0.7.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in google.golang.org/grpc - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328 - Introduced through: google.golang.org/grpc@v1.56.2 - From: google.golang.org/grpc@v1.56.2 - Fixed in: 1.56.3, 1.57.1, 1.58.3 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Denial of Service (DoS) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327 - Introduced through: golang.org/x/net/http2@v0.9.0 - From: golang.org/x/net/http2@v0.9.0 - Fixed in: 0.17.0 - -✗ High severity vulnerability found in golang.org/x/net/http2 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-6531285 - Introduced through: golang.org/x/net/http2@v0.9.0 - From: golang.org/x/net/http2@v0.9.0 - Fixed in: 0.23.0 - -✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPOTELHTTP-5963583 - Introduced through: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 - From: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 - Fixed in: 0.44.0 - -✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPOTELHTTP-5971109 - Introduced through: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 - From: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.40.0 - Fixed in: 0.44.0 - -✗ High severity vulnerability found in go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOPENTELEMETRYIOCONTRIBINSTRUMENTATIONNETHTTPHTTPTRACEOTELHTTPTRACE-5971114 - Introduced through: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.40.0 - From: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.40.0 - Fixed in: 0.44.0 - -✗ High severity vulnerability found in github.com/moby/buildkit/util/entitlements - Description: Improper Handling of Insufficient Privileges (Leaky Vessels) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMOBYBUILDKITUTILENTITLEMENTS-6209364 - Introduced through: github.com/moby/buildkit/util/entitlements@v0.12.1-0.20230717122532-faa0cc7da353 - From: github.com/moby/buildkit/util/entitlements@v0.12.1-0.20230717122532-faa0cc7da353 - Fixed in: 0.12.5 - -✗ High severity vulnerability found in github.com/moby/buildkit/client - Description: Improper Handling of Insufficient Privileges (Leaky Vessels) - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMOBYBUILDKITCLIENT-6209355 - Introduced through: github.com/moby/buildkit/client@v0.12.1-0.20230717122532-faa0cc7da353 - From: github.com/moby/buildkit/client@v0.12.1-0.20230717122532-faa0cc7da353 - Fixed in: 0.12.5 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /docker-compose -Project name: github.com/docker/compose/v2 -Docker image: portainer/portainer-ce:2.19.4 -Licenses: enabled - -Tested 755 dependencies for known issues, found 13 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test portainer/portainer-ce:2.19.4 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - - -Tested 5 projects, 4 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/postgres_15.2.md b/Snyk/scan_results/postgres_15.2.md deleted file mode 100644 index 47c7458..0000000 --- a/Snyk/scan_results/postgres_15.2.md +++ /dev/null @@ -1,1068 +0,0 @@ -**Scanning postgres:15.2** -``` - -Testing postgres:15.2... - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081 - Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 - From: util-linux/libblkid1@2.36.1-8+deb11u1 - From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 - From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 - and 15 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: CVE-2024-28085 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-6508632 - Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 - From: util-linux/libblkid1@2.36.1-8+deb11u1 - From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 - From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 - and 15 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.36.1-8+deb11u2 - -✗ Low severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-523480 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in tar - Description: CVE-2023-39804 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-6120424 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.34+dfsg-1+deb11u1 - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Authentication Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733387 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733391 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733392 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-7008 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6137713 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-50868 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277512 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in sqlite3/libsqlite3-0 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-1569419 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in sqlite3/libsqlite3-0 - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-2407045 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in sqlite3/libsqlite3-0 - Description: Improper Validation of Array Index - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-2959400 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in sqlite3/libsqlite3-0 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-5562381 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in sqlite3/libsqlite3-0 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SQLITE3-6139925 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpg@2.2.27-2+deb11u2 > sqlite3/libsqlite3-0@3.34.1-3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in shadow/passwd - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in shadow/passwd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5423922 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5879152 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > shadow/login@1:4.8.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in perl/libperl5.32 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976 - Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 - From: perl/libperl5.32@5.32.1-4+deb11u2 - From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 - From: perl/perl-modules-5.32@5.32.1-4+deb11u2 - and 4 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in perl/libperl5.32 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-532614 - Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 - From: perl/libperl5.32@5.32.1-4+deb11u2 - From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 - From: perl/perl-modules-5.32@5.32.1-4+deb11u2 - and 4 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in perl/libperl5.32 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489185 - Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 - From: perl/libperl5.32@5.32.1-4+deb11u2 - From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 - From: perl/perl-modules-5.32@5.32.1-4+deb11u2 - and 4 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in perl/libperl5.32 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489191 - Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 - From: perl/libperl5.32@5.32.1-4+deb11u2 - From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 - From: perl/perl-modules-5.32@5.32.1-4+deb11u2 - and 4 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1+deb11u1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1+deb11u1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pcre2/libpcre2-8-0 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-5788325 - Introduced through: pcre2/libpcre2-8-0@10.36-2+deb11u1 - From: pcre2/libpcre2-8-0@10.36-2+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in pam/libpam0g - Description: CVE-2024-22365 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PAM-6178915 - Introduced through: postgresql-15@15.2-1.pgdg110+1, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, pam/libpam-runtime@1.4.0-9+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > pam/libpam0g@1.4.0-9+deb11u1 - From: shadow/login@1:4.8.1-1 > pam/libpam0g@1.4.0-9+deb11u1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > pam/libpam0g@1.4.0-9+deb11u1 - and 9 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6048819 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-0727 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6190224 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6592093 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7151355 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7411351 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-521320 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531344 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Cryptographic Issues - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531747 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-5660622 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-584937 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6123820 - Introduced through: bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, ncurses/ncurses-base@6.2+20201114-2+deb11u1 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - From: ncurses/ncurses-bin@6.2+20201114-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > llvm-toolchain-11/libllvm11@1:11.0.1-2 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - and 8 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6252771 - Introduced through: bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, ncurses/ncurses-base@6.2+20201114-2+deb11u1 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - From: ncurses/ncurses-bin@6.2+20201114-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > llvm-toolchain-11/libllvm11@1:11.0.1-2 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - and 8 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libzstd/libzstd1 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBZSTD-5406388 - Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, libzstd/zstd@1.4.8+dfsg-2.1 - From: postgresql-15@15.2-1.pgdg110+1 > libzstd/libzstd1@1.4.8+dfsg-2.1 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libzstd/libzstd1@1.4.8+dfsg-2.1 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libzstd/libzstd1@1.4.8+dfsg-2.1 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxslt/libxslt1.1 - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXSLT-514942 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxml2 - Description: Cross-site Scripting (XSS) - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-2964223 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxml2 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-5747746 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxml2 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-5871334 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-5947664 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxml2 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-6227804 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libxml2 - Description: CVE-2024-34459 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXML2-6839381 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > libxslt/libxslt1.1@1.1.34-4+deb11u1 > libxml2@2.9.10+dfsg-6.7+deb11u4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892 - Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 - and 9 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libgcrypt20 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947 - Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 - and 9 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-6405987 - Introduced through: postgresql-15@15.2-1.pgdg110+1, apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 - and 9 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in krb5/libkrb5-3 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in krb5/libkrb5-3 - Description: CVE-2024-26462 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277413 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in krb5/libkrb5-3 - Description: CVE-2024-26461 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277418 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in krb5/libkrb5-3 - Description: CVE-2024-26458 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277420 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in krb5/libkrb5-3 - Description: CVE-2024-37371 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.18.3-6+deb11u5 - -✗ Low severity vulnerability found in krb5/libkrb5-3 - Description: CVE-2024-37370 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411320 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.18.3-6+deb11u5 - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Uncaught Exception - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474582 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474587 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-3330745 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/gpgv@2.2.27-2+deb11u2 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnupg2/gpgconf@2.2.27-2+deb11u2 - and 17 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: CVE-2019-1010023 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in glibc/libc6 - Description: CVE-2024-2961 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6617104 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.31-13+deb11u9 - -✗ Low severity vulnerability found in glibc/libc6 - Description: CVE-2024-33599 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673955 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc6 - Description: CVE-2024-33601 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673958 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc6 - Description: CVE-2024-33600 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673967 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc6 - Description: CVE-2024-33602 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673973 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in gcc-9/gcc-9-base - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC9-5901306 - Introduced through: gcc-9/gcc-9-base@9.3.0-22 - From: gcc-9/gcc-9-base@9.3.0-22 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in gcc-10/libstdc++6 - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC10-5901313 - Introduced through: apt@2.2.4, libzstd/zstd@1.4.8+dfsg-2.1, postgresql-15@15.2-1.pgdg110+1, gcc-10/gcc-10-base@10.2.1-6, gcc-10/libgcc-s1@10.2.1-6 - From: apt@2.2.4 > gcc-10/libstdc++6@10.2.1-6 - From: libzstd/zstd@1.4.8+dfsg-2.1 > gcc-10/libstdc++6@10.2.1-6 - From: postgresql-15@15.2-1.pgdg110+1 > gcc-10/libstdc++6@10.2.1-6 - and 6 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in e2fsprogs/libext2fs2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459 - Introduced through: e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2, e2fsprogs/libcom-err2@1.46.2-2 - From: e2fsprogs/libext2fs2@1.46.2-2 - From: e2fsprogs@1.46.2-2 > e2fsprogs/libext2fs2@1.46.2-2 - From: e2fsprogs/libss2@1.46.2-2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in db5.3/libdb5.3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168 - Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, gnupg2/gnupg@2.2.27-2+deb11u2 - From: perl/libperl5.32@5.32.1-4+deb11u2 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1+deb11u1 > cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in coreutils/coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-common@248.pgdg110+1 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in coreutils/coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269 - Introduced through: postgresql-15@15.2-1.pgdg110+1 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-common@248.pgdg110+1 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in bash - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361 - Introduced through: bash@5.1-2+deb11u1 - From: bash@5.1-2+deb11u1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Low severity vulnerability found in apt/libapt-pkg6.0 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-APT-522585 - Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4 - From: apt/libapt-pkg6.0@2.2.4 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 - From: apt@2.2.4 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ Medium severity vulnerability found in tar - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.34+dfsg-1+deb11u1 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Inefficient Regular Expression Complexity - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5788324 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.1.1v-0~deb11u1 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5812634 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.1.1v-0~deb11u1 - -✗ Medium severity vulnerability found in krb5/libkrb5-3 - Description: Access of Uninitialized Pointer - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-5825661 - Introduced through: gnupg2/gnupg@2.2.27-2+deb11u2, postgresql-15@15.2-1.pgdg110+1, krb5/libk5crypto3@1.18.3-6+deb11u3, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1+deb11u1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.18.3-6+deb11u4 - -✗ Medium severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6062102 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 3.7.1-5+deb11u4 - -✗ High severity vulnerability found in systemd/libsystemd0 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510 - Introduced through: apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u2 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u2 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > systemd/libsystemd0@247.3-7+deb11u2 - and 5 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - -✗ High severity vulnerability found in perl/libperl5.32 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272 - Introduced through: perl/libperl5.32@5.32.1-4+deb11u2, perl@5.32.1-4+deb11u2, perl/perl-modules-5.32@5.32.1-4+deb11u2, perl/perl-base@5.32.1-4+deb11u2 - From: perl/libperl5.32@5.32.1-4+deb11u2 - From: perl@5.32.1-4+deb11u2 > perl/libperl5.32@5.32.1-4+deb11u2 - From: perl/perl-modules-5.32@5.32.1-4+deb11u2 - and 4 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 5.32.1-4+deb11u3 - -✗ High severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 - Introduced through: postgresql-15@15.2-1.pgdg110+1, gnupg2/gnupg@2.2.27-2+deb11u2 - From: postgresql-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: postgresql-15@15.2-1.pgdg110+1 > postgresql-15/postgresql-client-15@15.2-1.pgdg110+1 > postgresql-15/libpq5@15.2-1.pgdg110+1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 1.1.1n-0+deb11u5 - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197 - Introduced through: bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2+deb11u1, postgresql-15@15.2-1.pgdg110+1, util-linux/mount@2.36.1-8+deb11u1, gnupg2/gnupg@2.2.27-2+deb11u2, ncurses/ncurses-base@6.2+20201114-2+deb11u1 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - From: ncurses/ncurses-bin@6.2+20201114-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - From: postgresql-15@15.2-1.pgdg110+1 > llvm-toolchain-11/libllvm11@1:11.0.1-2 > ncurses/libtinfo6@6.2+20201114-2+deb11u1 - and 8 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 6.2+20201114-2+deb11u2 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159417 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 3.7.1-5+deb11u5 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159419 - Introduced through: apt@2.2.4, gnupg2/gnupg@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: gnupg2/gnupg@2.2.27-2+deb11u2 > gnupg2/dirmngr@2.2.27-2+deb11u2 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 3.7.1-5+deb11u5 - -✗ High severity vulnerability found in glibc/libc6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133 - Introduced through: glibc/libc6@2.31-13+deb11u6, glibc/locales@2.31-13+deb11u6, postgresql-15@15.2-1.pgdg110+1 - From: glibc/libc6@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-bin@2.31-13+deb11u6 - From: glibc/locales@2.31-13+deb11u6 > glibc/libc-l10n@2.31-13+deb11u6 - and 2 more... - Image layer: Introduced by your base image (postgres:15.2-bullseye) - Fixed in: 2.31-13+deb11u7 - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961 - Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 - From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 - Image layer: Introduced by your base image (postgres:15.2-bullseye) - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|postgres -Docker image: postgres:15.2 -Platform: linux/amd64 -Base image: postgres:15.2-bullseye -Licenses: enabled - -Tested 146 dependencies for known issues, found 107 issues. - -Base Image Vulnerabilities Severity -postgres:15.2-bullseye 107 1 critical, 7 high, 8 medium, 91 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -postgres:15.7-bullseye 93 1 critical, 1 high, 0 medium, 91 low - -Major upgrades -Base Image Vulnerabilities Severity -postgres:17beta2-bullseye 93 1 critical, 1 high, 0 medium, 91 low - -Alternative image types -Base Image Vulnerabilities Severity -postgres:15.7-bookworm 58 1 critical, 0 high, 0 medium, 57 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - -------------------------------------------------------- - -Testing postgres:15.2... - -✗ Medium severity vulnerability found in golang.org/x/sys/unix - Description: Incorrect Privilege Assignment - Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXSYSUNIX-3310442 - Introduced through: golang.org/x/sys/unix@v0.0.0-20220907062415-87db552b00fd - From: golang.org/x/sys/unix@v0.0.0-20220907062415-87db552b00fd - Fixed in: 0.1.0 - - - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /usr/local/bin/gosu -Project name: github.com/tianon/gosu -Docker image: postgres:15.2 -Licenses: enabled - -Tested 3 dependencies for known issues, found 1 issue. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test postgres:15.2 --file=path/to/Dockerfile - -Snyk found some vulnerabilities in your image applications (Snyk searches for these vulnerabilities by default). See https://snyk.co/app-vulns for more information. - -To remove these messages in the future, please run `snyk config set disableSuggestions=true` - - -Tested 2 projects, 2 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/redis_7.0.md b/Snyk/scan_results/redis_7.0.md deleted file mode 100644 index a726b17..0000000 --- a/Snyk/scan_results/redis_7.0.md +++ /dev/null @@ -1,321 +0,0 @@ -**Scanning redis:7.0** -``` - -Testing redis:7.0... - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-UTILLINUX-2401083 - Introduced through: util-linux/libblkid1@2.38.1-5+deb12u1, e2fsprogs@1.47.0-2, util-linux/libmount1@2.38.1-5+deb12u1, util-linux@2.38.1-5+deb12u1, util-linux/mount@2.38.1-5+deb12u1, util-linux/libuuid1@2.38.1-5+deb12u1, util-linux/libsmartcols1@2.38.1-5+deb12u1, util-linux/util-linux-extra@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1 - From: util-linux/libblkid1@2.38.1-5+deb12u1 - From: e2fsprogs@1.47.0-2 > util-linux/libblkid1@2.38.1-5+deb12u1 - From: util-linux/libmount1@2.38.1-5+deb12u1 > util-linux/libblkid1@2.38.1-5+deb12u1 - and 17 more... - -✗ Low severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-TAR-1560620 - Introduced through: tar@1.34+dfsg-1.2+deb12u1, dash@0.5.12-2 - From: tar@1.34+dfsg-1.2+deb12u1 - From: dash@0.5.12-2 > dpkg@1.21.22 > tar@1.34+dfsg-1.2+deb12u1 - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-1560739 - Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 - From: systemd/libsystemd0@252.26-1~deb12u2 - From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 - and 5 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733385 - Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 - From: systemd/libsystemd0@252.26-1~deb12u2 - From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 - and 5 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733390 - Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 - From: systemd/libsystemd0@252.26-1~deb12u2 - From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 - and 5 more... - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SYSTEMD-5733398 - Introduced through: systemd/libsystemd0@252.26-1~deb12u2, apt@2.6.1, util-linux@2.38.1-5+deb12u1, util-linux/bsdutils@1:2.38.1-5+deb12u1, systemd/libudev1@252.26-1~deb12u2 - From: systemd/libsystemd0@252.26-1~deb12u2 - From: apt@2.6.1 > systemd/libsystemd0@252.26-1~deb12u2 - From: util-linux@2.38.1-5+deb12u1 > systemd/libsystemd0@252.26-1~deb12u2 - and 5 more... - -✗ Low severity vulnerability found in shadow/passwd - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559391 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-1559403 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5423923 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-SHADOW-5879156 - Introduced through: shadow/passwd@1:4.13+dfsg1-1+b1, adduser@3.134, shadow/login@1:4.13+dfsg1-1+b1 - From: shadow/passwd@1:4.13+dfsg1-1+b1 - From: adduser@3.134 > shadow/passwd@1:4.13+dfsg1-1+b1 - From: shadow/login@1:4.13+dfsg1-1+b1 - -✗ Low severity vulnerability found in perl/perl-base - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-1556505 - Introduced through: perl/perl-base@5.36.0-7+deb12u1 - From: perl/perl-base@5.36.0-7+deb12u1 - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489184 - Introduced through: perl/perl-base@5.36.0-7+deb12u1 - From: perl/perl-base@5.36.0-7+deb12u1 - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PERL-5489190 - Introduced through: perl/perl-base@5.36.0-7+deb12u1 - From: perl/perl-base@5.36.0-7+deb12u1 - -✗ Low severity vulnerability found in pam/libpam0g - Description: CVE-2024-22365 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-PAM-6178914 - Introduced through: pam/libpam0g@1.5.2-6+deb12u1, shadow/login@1:4.13+dfsg1-1+b1, util-linux@2.38.1-5+deb12u1, adduser@3.134, pam/libpam-modules-bin@1.5.2-6+deb12u1, pam/libpam-modules@1.5.2-6+deb12u1, pam/libpam-runtime@1.5.2-6+deb12u1 - From: pam/libpam0g@1.5.2-6+deb12u1 - From: shadow/login@1:4.13+dfsg1-1+b1 > pam/libpam0g@1.5.2-6+deb12u1 - From: util-linux@2.38.1-5+deb12u1 > pam/libpam0g@1.5.2-6+deb12u1 - and 11 more... - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6592092 - Introduced through: openssl/libssl3@3.0.13-1~deb12u1 - From: openssl/libssl3@3.0.13-1~deb12u1 - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-4603 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-6861561 - Introduced through: openssl/libssl3@3.0.13-1~deb12u1 - From: openssl/libssl3@3.0.13-1~deb12u1 - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7151359 - Introduced through: openssl/libssl3@3.0.13-1~deb12u1 - From: openssl/libssl3@3.0.13-1~deb12u1 - -✗ Low severity vulnerability found in openssl/libssl3 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-OPENSSL-7411350 - Introduced through: openssl/libssl3@3.0.13-1~deb12u1 - From: openssl/libssl3@3.0.13-1~deb12u1 - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6123823 - Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b7, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 - From: ncurses/libtinfo6@6.4-4 - From: bash/bash@5.2.15-2+b7 > ncurses/libtinfo6@6.4-4 - From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 - and 3 more... - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-NCURSES-6252773 - Introduced through: ncurses/libtinfo6@6.4-4, bash/bash@5.2.15-2+b7, ncurses/ncurses-bin@6.4-4, util-linux@2.38.1-5+deb12u1, ncurses/ncurses-base@6.4-4 - From: ncurses/libtinfo6@6.4-4 - From: bash/bash@5.2.15-2+b7 > ncurses/libtinfo6@6.4-4 - From: ncurses/ncurses-bin@6.4-4 > ncurses/libtinfo6@6.4-4 - and 3 more... - -✗ Low severity vulnerability found in libgcrypt20 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-1550206 - Introduced through: libgcrypt20@1.10.1-3, apt@2.6.1 - From: libgcrypt20@1.10.1-3 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 - From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 - and 1 more... - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-LIBGCRYPT20-6405981 - Introduced through: libgcrypt20@1.10.1-3, apt@2.6.1 - From: libgcrypt20@1.10.1-3 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > libgcrypt20@1.10.1-3 - From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 > libgcrypt20@1.10.1-3 - and 1 more... - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUTLS28-1547121 - Introduced through: gnutls28/libgnutls30@3.7.9-2+deb12u3, apt@2.6.1 - From: gnutls28/libgnutls30@3.7.9-2+deb12u3 - From: apt@2.6.1 > gnutls28/libgnutls30@3.7.9-2+deb12u3 - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GNUPG2-3330747 - Introduced through: gnupg2/gpgv@2.2.40-1.1, apt@2.6.1 - From: gnupg2/gpgv@2.2.40-1.1 - From: apt@2.6.1 > gnupg2/gpgv@2.2.40-1.1 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1546991 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547039 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547069 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547135 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547196 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547293 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2019-1010023 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GLIBC-1547373 - Introduced through: glibc/libc-bin@2.36-9+deb12u7, glibc/libc6@2.36-9+deb12u7 - From: glibc/libc-bin@2.36-9+deb12u7 - From: glibc/libc6@2.36-9+deb12u7 - -✗ Low severity vulnerability found in gcc-12/libstdc++6 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-2606941 - Introduced through: gcc-12/libstdc++6@12.2.0-14, apt@2.6.1, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 - From: gcc-12/libstdc++6@12.2.0-14 - From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > gcc-12/libstdc++6@12.2.0-14 - and 2 more... - -✗ Low severity vulnerability found in gcc-12/libstdc++6 - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-GCC12-5901316 - Introduced through: gcc-12/libstdc++6@12.2.0-14, apt@2.6.1, gcc-12/gcc-12-base@12.2.0-14, gcc-12/libgcc-s1@12.2.0-14 - From: gcc-12/libstdc++6@12.2.0-14 - From: apt@2.6.1 > gcc-12/libstdc++6@12.2.0-14 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > gcc-12/libstdc++6@12.2.0-14 - and 2 more... - -✗ Low severity vulnerability found in coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543939 - Introduced through: coreutils@9.1-1 - From: coreutils@9.1-1 - -✗ Low severity vulnerability found in coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-COREUTILS-1543947 - Introduced through: coreutils@9.1-1 - From: coreutils@9.1-1 - -✗ Low severity vulnerability found in apt/libapt-pkg6.0 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-APT-1541449 - Introduced through: apt/libapt-pkg6.0@2.6.1, apt@2.6.1 - From: apt/libapt-pkg6.0@2.6.1 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 - From: apt@2.6.1 - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN12-ZLIB-6008963 - Introduced through: zlib/zlib1g@1:1.2.13.dfsg-1, util-linux@2.38.1-5+deb12u1, apt@2.6.1, dash@0.5.12-2 - From: zlib/zlib1g@1:1.2.13.dfsg-1 - From: util-linux@2.38.1-5+deb12u1 > zlib/zlib1g@1:1.2.13.dfsg-1 - From: apt@2.6.1 > apt/libapt-pkg6.0@2.6.1 > zlib/zlib1g@1:1.2.13.dfsg-1 - and 2 more... - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|redis -Docker image: redis:7.0 -Platform: linux/amd64 -Licenses: enabled - -Tested 89 dependencies for known issues, found 37 issues. - -Snyk wasn’t able to auto detect the base image, use `--file` option to get base image remediation advice. -Example: $ snyk container test redis:7.0 --file=path/to/Dockerfile - -To remove this message in the future, please run `snyk config set disableSuggestions=true` - -------------------------------------------------------- - -Testing redis:7.0... - -Organization: bhavdeep1304 -Package manager: gomodules -Target file: /usr/local/bin/gosu -Project name: github.com/tianon/gosu -Docker image: redis:7.0 -Licenses: enabled - -✔ Tested 2 dependencies for known issues, no vulnerable paths found. - - -Tested 2 projects, 1 contained vulnerable paths. - - - -``` diff --git a/Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md b/Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md deleted file mode 100644 index 6191fb6..0000000 --- a/Snyk/scan_results/telefonicaiot_fiware-orion_3.8.1.md +++ /dev/null @@ -1,1698 +0,0 @@ -**Scanning telefonicaiot/fiware-orion:3.8.1** -``` - -Testing telefonicaiot/fiware-orion:3.8.1... - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-2401081 - Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u5, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 - From: util-linux/libblkid1@2.36.1-8+deb11u1 - From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 - From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 - and 16 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in util-linux/libblkid1 - Description: CVE-2024-28085 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-UTILLINUX-6508632 - Introduced through: util-linux/libblkid1@2.36.1-8+deb11u1, e2fsprogs@1.46.2-2, util-linux/libmount1@2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, util-linux/libuuid1@2.36.1-8+deb11u1, glibc/libc-devtools@2.31-13+deb11u5, util-linux@2.36.1-8+deb11u1, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/libsmartcols1@2.36.1-8+deb11u1 - From: util-linux/libblkid1@2.36.1-8+deb11u1 - From: e2fsprogs@1.46.2-2 > util-linux/libblkid1@2.36.1-8+deb11u1 - From: util-linux/libmount1@2.36.1-8+deb11u1 > util-linux/libblkid1@2.36.1-8+deb11u1 - and 16 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.36.1-8+deb11u2 - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2434417 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Improper Resource Shutdown or Release - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2440571 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-514595 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-516778 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Missing Release of Resource after Effective Lifetime - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-518574 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-520936 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-531474 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5416363 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5425904 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5673712 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5724641 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747597 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5749339 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5750143 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5767900 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5773188 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5853001 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6079927 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6084515 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190609 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-6190787 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in tar - Description: CVE-2005-2541 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-523480 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in tar - Description: CVE-2023-39804 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-6120424 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - Fixed in: 1.34+dfsg-1+deb11u1 - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Authentication Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733387 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733391 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-5733392 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-7008 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6137713 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in systemd/libsystemd0 - Description: CVE-2023-50868 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277512 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Access Restriction Bypass - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Time-of-check Time-of-use (TOCTOU) - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Incorrect Permission Assignment for Critical Resource - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5423922 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in shadow/passwd - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SHADOW-5879152 - Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1 - From: shadow/passwd@1:4.8.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 - From: shadow/login@1:4.8.1-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Link Following - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-532614 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489185 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in perl/perl-base - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-5489191 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pcre3/libpcre3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353 - Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1 - From: pcre3/libpcre3@2:8.39-13 - From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pcre2/libpcre2-8-0 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PCRE2-5788325 - Introduced through: pcre2/libpcre2-8-0@10.36-2+deb11u1 - From: pcre2/libpcre2-8-0@10.36-2+deb11u1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in pam/libpam0g - Description: CVE-2024-22365 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PAM-6178915 - Introduced through: pam/libpam0g@1.4.0-9+deb11u1, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8+deb11u1, adduser@3.118, pam/libpam-modules-bin@1.4.0-9+deb11u1, pam/libpam-modules@1.4.0-9+deb11u1, pam/libpam-runtime@1.4.0-9+deb11u1 - From: pam/libpam0g@1.4.0-9+deb11u1 - From: shadow/login@1:4.8.1-1 > pam/libpam0g@1.4.0-9+deb11u1 - From: util-linux/mount@2.36.1-8+deb11u1 > util-linux@2.36.1-8+deb11u1 > pam/libpam0g@1.4.0-9+deb11u1 - and 11 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: Improper Check for Unusual or Exceptional Conditions - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6048819 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-0727 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6190224 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-2511 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-6592093 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-4741 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7151355 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openssl/libssl1.1 - Description: CVE-2024-5535 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-7411351 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Improper Initialization - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-521320 - Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531344 - Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Cryptographic Issues - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-531747 - Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: NULL Pointer Dereference - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-5660622 - Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in openldap/libldap-2.4-2 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENLDAP-584937 - Introduced through: curl@7.74.0-1.3+deb11u5, openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 - From: openldap/libldap-common@2.4.57+dfsg-3+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in nghttp2/libnghttp2-14 - Description: CVE-2024-28182 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-6541750 - Introduced through: curl@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > nghttp2/libnghttp2-14@1.43.0-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-50495 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6123820 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in ncurses/libtinfo6 - Description: CVE-2023-45918 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-6252771 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libzstd/libzstd1 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBZSTD-5406388 - Introduced through: libzstd/libzstd1@1.4.8+dfsg-2.1, apt@2.2.4, glibc/libc-devtools@2.31-13+deb11u5 - From: libzstd/libzstd1@1.4.8+dfsg-2.1 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libzstd/libzstd1@1.4.8+dfsg-2.1 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 > libzstd/libzstd1@1.4.8+dfsg-2.1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in libsepol/libsepol1 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641 - Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118 - From: libsepol/libsepol1@3.1-1 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in libpng1.6/libpng16-16 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-2363923 - Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u5 - From: libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 > libpng1.6/libpng16-16@1.6.37-3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libpng1.6/libpng16-16 - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBPNG16-529373 - Introduced through: libpng1.6/libpng16-16@1.6.37-3, glibc/libc-devtools@2.31-13+deb11u5 - From: libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libpng1.6/libpng16-16@1.6.37-3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 > libpng1.6/libpng16-16@1.6.37-3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libjpeg-turbo/libjpeg62-turbo - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBJPEGTURBO-2932112 - Introduced through: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4, glibc/libc-devtools@2.31-13+deb11u5 - From: libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > libjpeg-turbo/libjpeg62-turbo@1:2.0.6-4 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgd2/libgd3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1536763 - Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u5 - From: libgd2/libgd3@2.3.0-2 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgd2/libgd3 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1570130 - Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u5 - From: libgd2/libgd3@2.3.0-2 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgd2/libgd3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGD2-1583889 - Introduced through: libgd2/libgd3@2.3.0-2, glibc/libc-devtools@2.31-13+deb11u5 - From: libgd2/libgd3@2.3.0-2 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892 - Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgcrypt20 - Description: Use of a Broken or Risky Cryptographic Algorithm - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947 - Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in libgcrypt20 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-6405987 - Introduced through: libgcrypt20/libgcrypt20-dev@1.8.7-6, apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: libgcrypt20/libgcrypt20-dev@1.8.7-6 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 > libgcrypt20@1.8.7-6 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-26462 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277413 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-26461 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277418 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-26458 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-6277420 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-37371 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411316 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u5 - -✗ Low severity vulnerability found in krb5/libk5crypto3 - Description: CVE-2024-37370 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-7411320 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u5 - -✗ Low severity vulnerability found in jbigkit/libjbig0 - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-JBIGKIT-514977 - Introduced through: jbigkit/libjbig0@2.1-3.1+b2, glibc/libc-devtools@2.31-13+deb11u5 - From: jbigkit/libjbig0@2.1-3.1+b2 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > jbigkit/libjbig0@2.1-3.1+b2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Uncaught Exception - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474582 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6474587 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in gnupg2/gpgv - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUPG2-3330745 - Introduced through: gnupg2/gpgv@2.2.27-2+deb11u2, apt@2.2.4 - From: gnupg2/gpgv@2.2.27-2+deb11u2 - From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Out-of-Bounds - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use of Insufficiently Random Values - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2019-1010023 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Uncontrolled Recursion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Resource Management Errors - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894105 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5894112 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-2961 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6617104 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u9 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33599 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673955 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33601 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673958 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33600 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673967 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in glibc/libc-bin - Description: CVE-2024-33602 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-6673973 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u10 - -✗ Low severity vulnerability found in gcc-9/gcc-9-base - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC9-5901306 - Introduced through: gcc-9/gcc-9-base@9.3.0-22 - From: gcc-9/gcc-9-base@9.3.0-22 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in gcc-10/libstdc++6 - Description: CVE-2023-4039 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GCC10-5901313 - Introduced through: apt@2.2.4, boost1.74/libboost-thread1.74.0@1.74.0-9, icu/libicu67@67.1-7, gcc-10/gcc-10-base@10.2.1-6, gcc-10/libgcc-s1@10.2.1-6 - From: apt@2.2.4 > gcc-10/libstdc++6@10.2.1-6 - From: boost1.74/libboost-thread1.74.0@1.74.0-9 > gcc-10/libstdc++6@10.2.1-6 - From: icu/libicu67@67.1-7 > gcc-10/libstdc++6@10.2.1-6 - and 3 more... - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in freetype/libfreetype6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-FREETYPE-2848681 - Introduced through: freetype/libfreetype6@2.10.4+dfsg-1+deb11u1, glibc/libc-devtools@2.31-13+deb11u5 - From: freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > freetype/libfreetype6@2.10.4+dfsg-1+deb11u1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: XML External Entity (XXE) Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-524217 - Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 - From: expat/libexpat1@2.2.10-2+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227594 - Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 - From: expat/libexpat1@2.2.10-2+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6227598 - Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 - From: expat/libexpat1@2.2.10-2+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in expat/libexpat1 - Description: CVE-2024-28757 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-EXPAT-6420594 - Introduced through: expat/libexpat1@2.2.10-2+deb11u5, glibc/libc-devtools@2.31-13+deb11u5 - From: expat/libexpat1@2.2.10-2+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > fontconfig/libfontconfig1@2.13.1-4.2 > expat/libexpat1@2.2.10-2+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in e2fsprogs/libcom-err2 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-E2FSPROGS-2628459 - Introduced through: e2fsprogs@1.46.2-2, curl@7.74.0-1.3+deb11u5, e2fsprogs/libext2fs2@1.46.2-2, e2fsprogs/libss2@1.46.2-2, e2fsprogs/logsave@1.46.2-2 - From: e2fsprogs@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 - From: e2fsprogs@1.46.2-2 > e2fsprogs/libss2@1.46.2-2 > e2fsprogs/libcom-err2@1.46.2-2 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > e2fsprogs/libcom-err2@1.46.2-2 - and 8 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in db5.3/libdb5.3 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-DB53-2825168 - Introduced through: adduser@3.118, curl@7.74.0-1.3+deb11u5 - From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > cyrus-sasl2/libsasl2-2@2.1.27+dfsg-2.1+deb11u1 > cyrus-sasl2/libsasl2-modules-db@2.1.27+dfsg-2.1+deb11u1 > db5.3/libdb5.3@5.3.28+dfsg1-0.8 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Insufficiently Protected Credentials - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322659 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Improper Validation of Integrity Check Value - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-1322667 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561869 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2023-28322 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561885 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u9 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2023-38546 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955029 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u10 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2398 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501704 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u12 - -✗ Low severity vulnerability found in curl/libcurl4 - Description: CVE-2024-2379 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6501711 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Low severity vulnerability found in coreutils/coreutils - Description: Improper Input Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776 - Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 - From: coreutils/coreutils@8.32-4+b1 - From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in coreutils/coreutils - Description: Race Condition - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269 - Introduced through: coreutils/coreutils@8.32-4+b1, fontconfig/fontconfig-config@2.13.1-4.2 - From: coreutils/coreutils@8.32-4+b1 - From: fontconfig/fontconfig-config@2.13.1-4.2 > ucf@3.0043 > coreutils/coreutils@8.32-4+b1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in bash - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-BASH-3112361 - Introduced through: bash@5.1-2+deb11u1 - From: bash@5.1-2+deb11u1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Low severity vulnerability found in apt/libapt-pkg6.0 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-APT-522585 - Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4 - From: apt/libapt-pkg6.0@2.2.4 - From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 - From: apt@2.2.4 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Use After Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319790 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319791 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319804 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319810 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319811 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319813 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319814 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319820 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319824 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3319826 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747608 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862860 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u5 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5862861 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u5 - -✗ Medium severity vulnerability found in tiff/libtiff5 - Description: Memory Leak - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5934951 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u5 - -✗ Medium severity vulnerability found in tar - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TAR-3253527 - Introduced through: tar@1.34+dfsg-1 - From: tar@1.34+dfsg-1 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - Fixed in: 1.34+dfsg-1+deb11u1 - -✗ Medium severity vulnerability found in systemd/libsystemd0 - Description: Off-by-one Error - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3111119 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 247.3-7+deb11u2 - -✗ Medium severity vulnerability found in systemd/libsystemd0 - Description: CVE-2022-4415 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-3177742 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 247.3-7+deb11u2 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Inefficient Regular Expression Complexity - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5788324 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1v-0~deb11u1 - -✗ Medium severity vulnerability found in openssl/libssl1.1 - Description: Excessive Iteration - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5812634 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1v-0~deb11u1 - -✗ Medium severity vulnerability found in libxpm/libxpm4 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927156 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1+deb11u1 - -✗ Medium severity vulnerability found in libxpm/libxpm4 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-5927166 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1+deb11u1 - -✗ Medium severity vulnerability found in libx11/libx11-data - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927151 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u2 - -✗ Medium severity vulnerability found in libx11/libx11-data - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927154 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u2 - -✗ Medium severity vulnerability found in krb5/libk5crypto3 - Description: Access of Uninitialized Pointer - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-KRB5-5825661 - Introduced through: curl@7.74.0-1.3+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6, krb5/libkrb5support0@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 > krb5/libk5crypto3@1.18.3-6+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u3 > krb5/libkrb5-3@1.18.3-6+deb11u3 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.18.3-6+deb11u4 - -✗ Medium severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6062102 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u4 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320492 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320498 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u7 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366760 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366763 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Authentication - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366765 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5561876 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u9 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: CVE-2023-46218 - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100976 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u11 - -✗ Medium severity vulnerability found in curl/libcurl4 - Description: Missing Encryption of Sensitive Data - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-6100978 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in tiff/libtiff5 - Description: Buffer Overflow - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-5747600 - Introduced through: tiff/libtiff5@4.2.0-1+deb11u3, glibc/libc-devtools@2.31-13+deb11u5 - From: tiff/libtiff5@4.2.0-1+deb11u3 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 4.2.0-1+deb11u4 - -✗ High severity vulnerability found in systemd/libsystemd0 - Description: Allocation of Resources Without Limits or Throttling - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-6277510 - Introduced through: systemd/libsystemd0@247.3-7+deb11u1, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8+deb11u1, util-linux/mount@2.36.1-8+deb11u1, systemd/libudev1@247.3-7+deb11u1 - From: systemd/libsystemd0@247.3-7+deb11u1 - From: apt@2.2.4 > systemd/libsystemd0@247.3-7+deb11u1 - From: util-linux/bsdutils@1:2.36.1-8+deb11u1 > systemd/libsystemd0@247.3-7+deb11u1 - and 5 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in perl/perl-base - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-PERL-6085272 - Introduced through: perl/perl-base@5.32.1-4+deb11u2 - From: perl/perl-base@5.32.1-4+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - Fixed in: 5.32.1-4+deb11u3 - -✗ High severity vulnerability found in openssl/libssl1.1 - Description: Improper Certificate Validation - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735 - Introduced through: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1, ca-certificates@20210119, curl@7.74.0-1.3+deb11u5, openssl@1.1.1n-0+deb11u4 - From: cyrus-sasl2/libsasl2-modules@2.1.27+dfsg-2.1+deb11u1 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u4 > openssl/libssl1.1@1.1.1n-0+deb11u4 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openssl/libssl1.1@1.1.1n-0+deb11u4 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.1.1n-0+deb11u5 - -✗ High severity vulnerability found in nghttp2/libnghttp2-14 - Description: Resource Exhaustion - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NGHTTP2-5953384 - Introduced through: curl@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > nghttp2/libnghttp2-14@1.43.0-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.43.0-1+deb11u1 - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Read - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-2767191 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 6.2+20201114-2+deb11u1 - -✗ High severity vulnerability found in ncurses/libtinfo6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197 - Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash@5.1-2+deb11u1, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8+deb11u1, ncurses/ncurses-base@6.2+20201114-2 - From: ncurses/libtinfo6@6.2+20201114-2 - From: bash@5.1-2+deb11u1 > ncurses/libtinfo6@6.2+20201114-2 - From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2 - and 3 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 6.2+20201114-2+deb11u2 - -✗ High severity vulnerability found in libxpm/libxpm4 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232725 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1~deb11u1 - -✗ High severity vulnerability found in libxpm/libxpm4 - Description: Untrusted Search Path - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232730 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1~deb11u1 - -✗ High severity vulnerability found in libxpm/libxpm4 - Description: Loop with Unreachable Exit Condition ('Infinite Loop') - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBXPM-3232736 - Introduced through: libxpm/libxpm4@1:3.5.12-1, glibc/libc-devtools@2.31-13+deb11u5 - From: libxpm/libxpm4@1:3.5.12-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1:3.5.12-1.1~deb11u1 - -✗ High severity vulnerability found in libx11/libx11-data - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5710893 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u1 - -✗ High severity vulnerability found in libx11/libx11-data - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBX11-5927150 - Introduced through: libx11/libx11-data@2:1.7.2-1, glibc/libc-devtools@2.31-13+deb11u5, libx11/libx11-6@2:1.7.2-1 - From: libx11/libx11-data@2:1.7.2-1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libxpm/libxpm4@1:3.5.12-1 > libx11/libx11-6@2:1.7.2-1 > libx11/libx11-data@2:1.7.2-1 - From: libx11/libx11-6@2:1.7.2-1 - and 1 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2:1.7.2-1+deb11u2 - -✗ High severity vulnerability found in libwebp/libwebp6 - Description: Double Free - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5489177 - Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u5 - From: libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > libwebp/libwebp6@0.6.1-2.1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 0.6.1-2.1+deb11u1 - -✗ High severity vulnerability found in libwebp/libwebp6 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBWEBP-5893094 - Introduced through: libwebp/libwebp6@0.6.1-2.1, glibc/libc-devtools@2.31-13+deb11u5 - From: libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > libwebp/libwebp6@0.6.1-2.1 - From: glibc/libc-devtools@2.31-13+deb11u5 > libgd2/libgd3@2.3.0-2 > tiff/libtiff5@4.2.0-1+deb11u3 > libwebp/libwebp6@0.6.1-2.1 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 0.6.1-2.1+deb11u2 - -✗ High severity vulnerability found in libssh2/libssh2-1 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-LIBSSH2-5861756 - Introduced through: curl@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > libssh2/libssh2-1@1.9.0-2 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 1.9.0-2+deb11u1 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Improper Verification of Cryptographic Signature - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159417 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u5 - -✗ High severity vulnerability found in gnutls28/libgnutls30 - Description: Information Exposure - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-6159419 - Introduced through: apt@2.2.4, curl@7.74.0-1.3+deb11u5 - From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2+b2 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 > openldap/libldap-2.4-2@2.4.57+dfsg-3+deb11u1 > gnutls28/libgnutls30@3.7.1-5+deb11u3 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 3.7.1-5+deb11u5 - -✗ High severity vulnerability found in glibc/libc-bin - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133 - Introduced through: glibc/libc-bin@2.31-13+deb11u5, glibc/libc-devtools@2.31-13+deb11u5, glibc/libc6@2.31-13+deb11u5, libgcrypt20/libgcrypt20-dev@1.8.7-6 - From: glibc/libc-bin@2.31-13+deb11u5 - From: glibc/libc-devtools@2.31-13+deb11u5 - From: glibc/libc6@2.31-13+deb11u5 - and 2 more... - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 2.31-13+deb11u7 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3066040 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3179181 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ High severity vulnerability found in curl/libcurl4 - Description: Directory Traversal - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366762 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ High severity vulnerability found in curl/libcurl4 - Description: Arbitrary Code Injection - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3366772 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u8 - -✗ Critical severity vulnerability found in zlib/zlib1g - Description: Integer Overflow or Wraparound - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-ZLIB-6008961 - Introduced through: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 - From: zlib/zlib1g@1:1.2.11.dfsg-2+deb11u2 - Image layer: Introduced by your base image (debian:bullseye-20230208-slim) - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Cleartext Transmission of Sensitive Information - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-3320493 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - -✗ Critical severity vulnerability found in curl/libcurl4 - Description: Out-of-bounds Write - Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-CURL-5955037 - Introduced through: curl/libcurl4@7.74.0-1.3+deb11u5, curl@7.74.0-1.3+deb11u5 - From: curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 > curl/libcurl4@7.74.0-1.3+deb11u5 - From: curl@7.74.0-1.3+deb11u5 - Image layer: 'apt-get -y install curl cmake libssl-dev git g++ libcurl4-openssl-dev libboost-dev libboost-regex-dev libboost-filesystem-dev libboost-thread-dev uuid-dev libgnutls28-dev libsasl2-dev libgcrypt-dev' - Fixed in: 7.74.0-1.3+deb11u10 - - - -Organization: bhavdeep1304 -Package manager: deb -Project name: docker-image|telefonicaiot/fiware-orion -Docker image: telefonicaiot/fiware-orion:3.8.1 -Platform: linux/amd64 -Base image: debian:bullseye-20230208-slim -Licenses: enabled - -Tested 146 dependencies for known issues, found 181 issues. - -Base Image Vulnerabilities Severity -debian:bullseye-20230208-slim 94 1 critical, 9 high, 10 medium, 74 low - -Recommendations for base image upgrade: - -Minor upgrades -Base Image Vulnerabilities Severity -debian:bullseye-20240701-slim 69 1 critical, 1 high, 0 medium, 67 low - -Major upgrades -Base Image Vulnerabilities Severity -debian:bookworm-20240701-slim 33 1 critical, 0 high, 0 medium, 32 low - - -Learn more: https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/base-image-detection - - -```