Scheduled CVE vulnerability scan of published images. #32

Annotations

11 errors, 11 warnings, and 1 notice

The job was canceled because "mailpit" failed.

The operation was canceled.

CVE-2023-52425 - HIGH severity - expat: parsing large tokens can trigger a denial of service vulnerability in libexpat

CVE-2024-28757 - HIGH severity - expat: XML Entity Expansion vulnerability in libexpat

CVE-2024-25062 - HIGH severity - libxml2: use-after-free in XMLReader vulnerability in libxml2

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-4603 - MEDIUM severity - openssl: Excessive time spent checking DSA keys and parameters vulnerability in libcrypto3

CVE-2024-4741 - MEDIUM severity - openssl: Use After Free with SSL_free_buffers vulnerability in libcrypto3

CVE-2024-1580 - UNKNOWN severity - An integer overflow in dav1d AV1 decoder that can occur when decoding ... vulnerability in libdav1d