fdgdf (pr name) #5
Merged
GitHub Actions / Docker Vulnerability Report
completed
Aug 3, 2024 in 0s
Vulnerability Report
Full Image Scan Results
Scan Date: 2024-08-03T17:12:50.100549975Z
Image: ghcr.io/nofusscomputing/scratchpad:1158e9e79bd165b29d0dc67d65b35020db188856
OS: debian 12.6
Vulnerabilities
| Vulnerability ID | Package | Version | Severity | Description |
|---|---|---|---|---|
| CVE-2011-3374 | apt | 2.6.1 | LOW | It was found that apt-key in apt, all versions, do not correctly valid ... |
| TEMP-0841856-B18BAF | bash | 5.2.15-2+b7 | LOW | [Privilege escalation possible to other user than root] |
| CVE-2022-0563 | bsdutils | 1:2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2016-2781 | coreutils | 9.1-1 | LOW | coreutils: Non-privileged session can escape to the parent session in chroot |
| CVE-2017-18018 | coreutils | 9.1-1 | LOW | coreutils: race condition vulnerability in chown and chgrp |
| CVE-2023-4039 | gcc-12-base | 12.2.0-14 | MEDIUM | gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 |
| CVE-2022-27943 | gcc-12-base | 12.2.0-14 | LOW | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
| CVE-2022-3219 | gpgv | 2.2.40-1.1 | LOW | gnupg: denial of service issue (resource consumption) using compressed packets |
| CVE-2011-3374 | libapt-pkg6.0 | 2.6.1 | LOW | It was found that apt-key in apt, all versions, do not correctly valid ... |
| CVE-2022-0563 | libblkid1 | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2010-4756 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions |
| CVE-2018-20796 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| CVE-2019-1010022 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: stack guard protection bypass |
| CVE-2019-1010023 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: running ldd on malicious ELF leads to code execution because of wrong size computation |
| CVE-2019-1010024 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: ASLR bypass using cache of thread stack and heap |
| CVE-2019-1010025 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: information disclosure of heap addresses of pthread_created thread |
| CVE-2019-9192 | libc-bin | 2.36-9+deb12u7 | LOW | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| CVE-2010-4756 | libc6 | 2.36-9+deb12u7 | LOW | glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions |
| CVE-2018-20796 | libc6 | 2.36-9+deb12u7 | LOW | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| CVE-2019-1010022 | libc6 | 2.36-9+deb12u7 | LOW | glibc: stack guard protection bypass |
| CVE-2019-1010023 | libc6 | 2.36-9+deb12u7 | LOW | glibc: running ldd on malicious ELF leads to code execution because of wrong size computation |
| CVE-2019-1010024 | libc6 | 2.36-9+deb12u7 | LOW | glibc: ASLR bypass using cache of thread stack and heap |
| CVE-2019-1010025 | libc6 | 2.36-9+deb12u7 | LOW | glibc: information disclosure of heap addresses of pthread_created thread |
| CVE-2019-9192 | libc6 | 2.36-9+deb12u7 | LOW | glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c |
| CVE-2023-4039 | libgcc-s1 | 12.2.0-14 | MEDIUM | gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 |
| CVE-2022-27943 | libgcc-s1 | 12.2.0-14 | LOW | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
| CVE-2024-2236 | libgcrypt20 | 1.10.1-3 | MEDIUM | libgcrypt: vulnerable to Marvin Attack |
| CVE-2018-6829 | libgcrypt20 | 1.10.1-3 | LOW | libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information |
| CVE-2011-3389 | libgnutls30 | 3.7.9-2+deb12u3 | LOW | HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) |
| CVE-2022-0563 | libmount1 | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2024-22365 | libpam-modules | 1.5.2-6+deb12u1 | MEDIUM | pam: allowing unprivileged user to block another user namespace |
| CVE-2024-22365 | libpam-modules-bin | 1.5.2-6+deb12u1 | MEDIUM | pam: allowing unprivileged user to block another user namespace |
| CVE-2024-22365 | libpam-runtime | 1.5.2-6+deb12u1 | MEDIUM | pam: allowing unprivileged user to block another user namespace |
| CVE-2024-22365 | libpam0g | 1.5.2-6+deb12u1 | MEDIUM | pam: allowing unprivileged user to block another user namespace |
| CVE-2022-0563 | libsmartcols1 | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2023-4039 | libstdc++6 | 12.2.0-14 | MEDIUM | gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 |
| CVE-2022-27943 | libstdc++6 | 12.2.0-14 | LOW | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
| CVE-2013-4392 | libsystemd0 | 252.26-1~deb12u2 | LOW | systemd: TOCTOU race condition when updating file permissions and SELinux security contexts |
| CVE-2023-31437 | libsystemd0 | 252.26-1~deb12u2 | LOW | An issue was discovered in systemd 253. An attacker can modify a seale ... |
| CVE-2023-31438 | libsystemd0 | 252.26-1~deb12u2 | LOW | An issue was discovered in systemd 253. An attacker can truncate a sea ... |
| CVE-2023-31439 | libsystemd0 | 252.26-1~deb12u2 | LOW | An issue was discovered in systemd 253. An attacker can modify the con ... |
| CVE-2023-50495 | libtinfo6 | 6.4-4 | MEDIUM | ncurses: segmentation fault via _nc_wrap_entry() |
| CVE-2023-45918 | libtinfo6 | 6.4-4 | LOW | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
| CVE-2013-4392 | libudev1 | 252.26-1~deb12u2 | LOW | systemd: TOCTOU race condition when updating file permissions and SELinux security contexts |
| CVE-2023-31437 | libudev1 | 252.26-1~deb12u2 | LOW | An issue was discovered in systemd 253. An attacker can modify a seale ... |
| CVE-2023-31438 | libudev1 | 252.26-1~deb12u2 | LOW | An issue was discovered in systemd 253. An attacker can truncate a sea ... |
| CVE-2023-31439 | libudev1 | 252.26-1~deb12u2 | LOW | An issue was discovered in systemd 253. An attacker can modify the con ... |
| CVE-2022-0563 | libuuid1 | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2023-4641 | login | 1:4.13+dfsg1-1+b1 | MEDIUM | shadow-utils: possible password leak during passwd(1) change |
| CVE-2007-5686 | login | 1:4.13+dfsg1-1+b1 | LOW | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... |
| CVE-2019-19882 | login | 1:4.13+dfsg1-1+b1 | LOW | shadow-utils: local users can obtain root access because setuid programs are misconfigured |
| CVE-2023-29383 | login | 1:4.13+dfsg1-1+b1 | LOW | shadow: Improper input validation in shadow-utils package utility chfn |
| TEMP-0628843-DBAD28 | login | 1:4.13+dfsg1-1+b1 | LOW | [more related to CVE-2005-4890] |
| CVE-2022-0563 | mount | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2023-50495 | ncurses-base | 6.4-4 | MEDIUM | ncurses: segmentation fault via _nc_wrap_entry() |
| CVE-2023-45918 | ncurses-base | 6.4-4 | LOW | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
| CVE-2023-50495 | ncurses-bin | 6.4-4 | MEDIUM | ncurses: segmentation fault via _nc_wrap_entry() |
| CVE-2023-45918 | ncurses-bin | 6.4-4 | LOW | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
| CVE-2023-4641 | passwd | 1:4.13+dfsg1-1+b1 | MEDIUM | shadow-utils: possible password leak during passwd(1) change |
| CVE-2007-5686 | passwd | 1:4.13+dfsg1-1+b1 | LOW | initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ... |
| CVE-2019-19882 | passwd | 1:4.13+dfsg1-1+b1 | LOW | shadow-utils: local users can obtain root access because setuid programs are misconfigured |
| CVE-2023-29383 | passwd | 1:4.13+dfsg1-1+b1 | LOW | shadow: Improper input validation in shadow-utils package utility chfn |
| TEMP-0628843-DBAD28 | passwd | 1:4.13+dfsg1-1+b1 | LOW | [more related to CVE-2005-4890] |
| CVE-2023-31484 | perl-base | 5.36.0-7+deb12u1 | HIGH | perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS |
| CVE-2011-4116 | perl-base | 5.36.0-7+deb12u1 | LOW | perl: File:: Temp insecure temporary file handling |
| CVE-2023-31486 | perl-base | 5.36.0-7+deb12u1 | LOW | http-tiny: insecure TLS cert default |
| TEMP-0517018-A83CE6 | sysvinit-utils | 3.06-4 | LOW | [sysvinit: no-root option in expert installer exposes locally exploitable security flaw] |
| CVE-2005-2541 | tar | 1.34+dfsg-1.2+deb12u1 | LOW | tar: does not properly warn the user when extracting setuid or setgid files |
| TEMP-0290435-0B57B5 | tar | 1.34+dfsg-1.2+deb12u1 | LOW | [tar's rmt command may have undesired side effects] |
| CVE-2022-0563 | util-linux | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2022-0563 | util-linux-extra | 2.38.1-5+deb12u1 | LOW | util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline |
| CVE-2023-45853 | zlib1g | 1:1.2.13.dfsg-1 | CRITICAL | zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6 |
Loading