Scheduled CVE vulnerability scan of published images. #33

Annotations

6 errors, 12 warnings, and 10 notices

CVE-2023-44487 - HIGH severity - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) vulnerability in libnghttp2-14

GHSA-xpw8-rcwv-8f8p - HIGH severity - io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack vulnerability in io.netty:netty-codec-http2

CVE-2023-34054 - HIGH severity - Reactor Netty HTTP Server denial of service vulnerability vulnerability in io.projectreactor.netty:reactor-netty-core

CVE-2023-34062 - HIGH severity - reactor-netty-http: directory traversal vulnerability vulnerability in io.projectreactor.netty:reactor-netty-http

CVE-2023-1370 - HIGH severity - json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) vulnerability in net.minidev:json-smart

CVE-2024-25710 - HIGH severity - commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file vulnerability in org.apache.commons:commons-compress

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2024-28085 - MEDIUM severity - util-linux: CVE-2024-28085: wall: escape sequence injection vulnerability in bsdutils

CVE-2023-46218 - MEDIUM severity - curl: information disclosure by exploiting a mixed case flaw vulnerability in curl

CVE-2024-2398 - MEDIUM severity - curl: HTTP/2 push headers memory-leak vulnerability in curl

CVE-2024-7264 - MEDIUM severity - curl: libcurl: ASN.1 date parser overread vulnerability in curl

CVE-2024-28085 - MEDIUM severity - util-linux: CVE-2024-28085: wall: escape sequence injection vulnerability in fdisk

CVE-2024-28085 - MEDIUM severity - util-linux: CVE-2024-28085: wall: escape sequence injection vulnerability in libblkid1

CVE-2024-2961 - MEDIUM severity - glibc: Out of bounds write in iconv may lead to remote code execution vulnerability in libc-bin

CVE-2024-33599 - MEDIUM severity - glibc: stack-based buffer overflow in netgroup cache vulnerability in libc-bin

CVE-2024-33600 - MEDIUM severity - glibc: null pointer dereferences after failed netgroup cache insertion vulnerability in libc-bin

CVE-2024-33601 - MEDIUM severity - glibc: netgroup cache may terminate daemon on memory allocation failure vulnerability in libc-bin

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2016-2781 - LOW severity - coreutils: Non-privileged session can escape to the parent session in chroot vulnerability in coreutils

CVE-2023-38546 - LOW severity - curl: cookie injection with none file vulnerability in curl

CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpgv

CVE-2016-20013 - LOW severity - sha256crypt and sha512crypt through 0.6 allow... vulnerability in libc-bin

CVE-2023-4806 - LOW severity - glibc: potential use-after-free in getaddrinfo() vulnerability in libc-bin

CVE-2023-4813 - LOW severity - glibc: potential use-after-free in gaih_inet() vulnerability in libc-bin

CVE-2016-20013 - LOW severity - sha256crypt and sha512crypt through 0.6 allow... vulnerability in libc6

CVE-2023-4806 - LOW severity - glibc: potential use-after-free in getaddrinfo() vulnerability in libc6

CVE-2023-4813 - LOW severity - glibc: potential use-after-free in gaih_inet() vulnerability in libc6

CVE-2023-38546 - LOW severity - curl: cookie injection with none file vulnerability in libcurl4

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Scheduled CVE vulnerability scan of published images. #33

vulnerability-scan-schedule (elasticsearch)

Scheduled CVE vulnerability scan of published images. #33

Jobs

Run details

Annotations

The logs for this run have expired and are no longer available.

Re-running jobs...