Status: Closed (github-actions[bot] closed this 2 months ago)
Directory: ./rte/dotnet3
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
Microsoft.AspNetCore.App.Runtime.linux-x64 | CVE-2024-21386 | CRITICAL | unknown | 3.1.32 | 6.0.27, 7.0.16, 8.0.2 | dotnet: Denial of Service in SignalR server |
Microsoft.AspNetCore.App.Runtime.linux-x64 | CVE-2023-33170 | HIGH | unknown | 3.1.32 | 6.0.20, 7.0.9 | dotnet: race condition in Core SignInManager |
Directory: ./rte/python3-12
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
python-3.12 | CVE-2024-6232 | HIGH | unknown | 3.12.5-r2 | 3.12.5-r3 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.12-base | CVE-2024-6232 | HIGH | unknown | 3.12.5-r2 | 3.12.5-r3 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
Directory: ./rte/python3-11
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
python-3.11 | CVE-2024-6232 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.11 | CVE-2024-7592 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.11 | CVE-2024-6923 | MEDIUM | unknown | 3.11.9-r8 | 3.11.10-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
python-3.11-base | CVE-2024-6232 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.11-base | CVE-2024-7592 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.11-base | CVE-2024-6923 | MEDIUM | unknown | 3.11.9-r8 | 3.11.10-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
Directory: ./rte/python3-10
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
python-3.10 | CVE-2024-6232 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.10 | CVE-2024-7592 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.10 | CVE-2024-6923 | MEDIUM | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
python-3.10-base | CVE-2024-6232 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.10-base | CVE-2024-7592 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.10-base | CVE-2024-6923 | MEDIUM | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
Directory: ./sdk/dotnet7
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 5.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 7.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 7.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 7.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 7.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 7.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
System.Text.Json | CVE-2024-30105 | HIGH | unknown | 7.0.4 | 8.0.4 | dotnet: DoS in System.Text.Json |
Directory: ./sdk/dotnet3
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
NuGet.Commands | CVE-2022-41032 | HIGH | unknown | 5.7.3-rtm.5 | 4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1 | dotnet: Nuget cache poisoning on Linux via world-writable cache directory |
NuGet.Commands | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
NuGet.Common | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 5.7.3-rtm.5 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
NuGet.Protocol | CVE-2022-41032 | HIGH | unknown | 5.7.3-rtm.5 | 4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1 | dotnet: Nuget cache poisoning on Linux via world-writable cache directory |
NuGet.Protocol | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
System.Drawing.Common | CVE-2021-24112 | CRITICAL | unknown | 4.7.0 | 4.7.2, 5.0.3 | dotnet: Remote Code Execution Vulnerability |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
NuGet.Commands | CVE-2022-41032 | HIGH | unknown | 5.7.3-rtm.5 | 4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1 | dotnet: Nuget cache poisoning on Linux via world-writable cache directory |
NuGet.Commands | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
NuGet.Common | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 5.7.3-rtm.5 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
NuGet.Protocol | CVE-2022-41032 | HIGH | unknown | 5.7.3-rtm.5 | 4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1 | dotnet: Nuget cache poisoning on Linux via world-writable cache directory |
NuGet.Protocol | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
System.Drawing.Common | CVE-2021-24112 | CRITICAL | unknown | 4.7.0 | 4.7.2, 5.0.3 | dotnet: Remote Code Execution Vulnerability |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
Newtonsoft.Json | CVE-2024-21907 | HIGH | unknown | 9.0.1 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
NuGet.Commands | CVE-2022-41032 | HIGH | unknown | 5.7.3-rtm.5 | 4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1 | dotnet: Nuget cache poisoning on Linux via world-writable cache directory |
NuGet.Commands | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
NuGet.Common | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 5.7.3-rtm.5 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
NuGet.Protocol | CVE-2022-41032 | HIGH | unknown | 5.7.3-rtm.5 | 4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1 | dotnet: Nuget cache poisoning on Linux via world-writable cache directory |
NuGet.Protocol | CVE-2023-29337 | HIGH | unknown | 5.7.3-rtm.5 | 6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5 | dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack |
System.Drawing.Common | CVE-2021-24112 | CRITICAL | unknown | 4.7.0 | 4.7.2, 5.0.3 | dotnet: Remote Code Execution Vulnerability |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
Newtonsoft.Json | CVE-2024-21907 | HIGH | unknown | 9.0.1 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
Newtonsoft.Json | CVE-2024-21907 | HIGH | unknown | 9.0.1 | 13.0.1 | Improper Handling of Exceptional Conditions in Newtonsoft.Json |
Microsoft.AspNetCore.App.Runtime.linux-x64 | CVE-2024-21386 | CRITICAL | unknown | 3.1.32 | 6.0.27, 7.0.16, 8.0.2 | dotnet: Denial of Service in SignalR server |
Microsoft.AspNetCore.App.Runtime.linux-x64 | CVE-2023-33170 | HIGH | unknown | 3.1.32 | 6.0.20, 7.0.9 | dotnet: race condition in Core SignInManager |
Directory: ./sdk/dotnet6
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
System.Net.Http | CVE-2018-8292 | HIGH | unknown | 4.3.0 | 4.3.4 | Core: information disclosure due to authentication information exposed in a redirect |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
System.Text.RegularExpressions | CVE-2019-0820 | HIGH | unknown | 4.3.0 | 4.3.1 | dotnet: timeouts for regular expressions are not enforced |
Directory: ./sdk/dotnet8
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 6.8.1-rc.32767 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
System.Formats.Asn1 | CVE-2024-38095 | HIGH | unknown | 5.0.0 | 6.0.1, 8.0.1 | dotnet: DoS when parsing X.509 Content and ObjectIdentifiers |
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 6.8.1-rc.32767 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 6.8.1-rc.32767 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
NuGet.Packaging | CVE-2024-0057 | CRITICAL | unknown | 6.8.1-rc.32767 | 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1 | dotnet: X509 Certificates - Validation Bypass across Azure |
Directory: ./sdk/python3-12
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
python-3.12 | CVE-2024-6232 | HIGH | unknown | 3.12.5-r2 | 3.12.5-r3 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.12-base | CVE-2024-6232 | HIGH | unknown | 3.12.5-r2 | 3.12.5-r3 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
Directory: ./sdk/python3-11
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
python-3.11 | CVE-2024-6232 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.11 | CVE-2024-7592 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.11 | CVE-2024-6923 | MEDIUM | unknown | 3.11.9-r8 | 3.11.10-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
python-3.11-base | CVE-2024-6232 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.11-base | CVE-2024-7592 | HIGH | unknown | 3.11.9-r8 | 3.11.9-r9 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.11-base | CVE-2024-6923 | MEDIUM | unknown | 3.11.9-r8 | 3.11.10-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
Directory: ./sdk/python3-10
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
python-3.10 | CVE-2024-6232 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.10 | CVE-2024-7592 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.10 | CVE-2024-6923 | MEDIUM | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
python-3.10-base | CVE-2024-6232 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | python: cpython: tarfile: ReDos via excessive backtracking while parsing header values |
python-3.10-base | CVE-2024-7592 | HIGH | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: Uncontrolled CPU resource consumption when in http.cookies module |
python-3.10-base | CVE-2024-6923 | MEDIUM | unknown | 3.10.14-r6 | 3.10.15-r0 | cpython: python: email module doesn't properly quotes newlines in email headers, allowing header injection |
Directory: ./3rd-party/chrome
Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
---|---|---|---|---|---|---|
coreutils | CVE-2016-2781 | LOW | unknown | 8.32-4.1ubuntu1.2 | N/A | coreutils: Non-privileged session can escape to the parent session in chroot |
cpp | CVE-2020-13844 | MEDIUM | unknown | 4:11.2.0-1ubuntu1 | N/A | kernel: ARM straight-line speculation vulnerability |
cpp-11 | CVE-2021-3826 | LOW | unknown | 11.4.0-1ubuntu1~22.04 | N/A | libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c |
cpp-11 | CVE-2021-46195 | LOW | unknown | 11.4.0-1ubuntu1~22.04 | N/A | gcc: uncontrolled recursion in libiberty/rust-demangle.c |
cpp-11 | CVE-2022-27943 | LOW | unknown | 11.4.0-1ubuntu1~22.04 | N/A | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
dbus | CVE-2023-34969 | LOW | unknown | 1.12.20-2ubuntu4.1 | N/A | dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered |
dbus-user-session | CVE-2023-34969 | LOW | unknown | 1.12.20-2ubuntu4.1 | N/A | dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered |
dirmngr | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gcc-11-base | CVE-2021-3826 | LOW | unknown | 11.4.0-1ubuntu1~22.04 | N/A | libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c |
gcc-11-base | CVE-2021-46195 | LOW | unknown | 11.4.0-1ubuntu1~22.04 | N/A | gcc: uncontrolled recursion in libiberty/rust-demangle.c |
gcc-11-base | CVE-2022-27943 | LOW | unknown | 11.4.0-1ubuntu1~22.04 | N/A | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
gcc-12-base | CVE-2022-27943 | LOW | unknown | 12.3.0-1ubuntu1~22.04 | N/A | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
gnupg | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gnupg-l10n | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gnupg-utils | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpg | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpg-agent | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpg-wks-client | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpg-wks-server | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpgconf | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpgsm | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
gpgv | CVE-2022-3219 | LOW | unknown | 2.2.27-3ubuntu2.1 | N/A | gnupg: denial of service issue (resource consumption) using compressed packets |
libapparmor1 | CVE-2016-1585 | MEDIUM | unknown | 3.0.4-2ubuntu2.3build2 | N/A | In all versions of AppArmor mount rules are accidentally widened when ... |
libc-bin | CVE-2016-20013 | LOW | unknown | 2.35-0ubuntu3.8 | N/A | null |
libc6 | CVE-2016-20013 | LOW | unknown | 2.35-0ubuntu3.8 | N/A | null |
libcairo-gobject2 | CVE-2017-7475 | LOW | unknown | 1.16.0-5ubuntu2 | N/A | cairo: NULL pointer dereference with a crafted font file |
libcairo-gobject2 | CVE-2018-18064 | LOW | unknown | 1.16.0-5ubuntu2 | N/A | cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document |
libcairo-gobject2 | CVE-2019-6461 | LOW | unknown | 1.16.0-5ubuntu2 | N/A | cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c |
libcairo2 | CVE-2017-7475 | LOW | unknown | 1.16.0-5ubuntu2 | N/A | cairo: NULL pointer dereference with a crafted font file |
libcairo2 | CVE-2018-18064 | LOW | unknown | 1.16.0-5ubuntu2 | N/A | cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document |
libcairo2 | CVE-2019-6461 | LOW | unknown | 1.16.0-5ubuntu2 | N/A | cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c |
libcurl3-gnutls | CVE-2024-8096 | MEDIUM | unknown | 7.81.0-1ubuntu1.17 | N/A | curl: OCSP stapling bypass with GnuTLS |
libdbus-1-3 | CVE-2023-34969 | LOW | unknown | 1.12.20-2ubuntu4.1 | N/A | dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered |
libexpat1 | CVE-2024-45490 | MEDIUM | unknown | 2.4.7-1ubuntu0.3 | N/A | libexpat: Negative Length Parsing Vulnerability in libexpat |
libexpat1 | CVE-2024-45491 | MEDIUM | unknown | 2.4.7-1ubuntu0.3 | N/A | libexpat: Integer Overflow or Wraparound |
libexpat1 | CVE-2024-45492 | MEDIUM | unknown | 2.4.7-1ubuntu0.3 | N/A | libexpat: integer overflow |
libgcc-s1 | CVE-2022-27943 | LOW | unknown | 12.3.0-1ubuntu1~22.04 | N/A | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
libgcrypt20 | CVE-2024-2236 | MEDIUM | unknown | 1.9.4-3ubuntu3 | N/A | libgcrypt: vulnerable to Marvin Attack |
libgif7 | CVE-2023-48161 | LOW | unknown | 5.1.9-2ubuntu0.1 | N/A | giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function |
libgssapi-krb5-2 | CVE-2024-26462 | MEDIUM | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/kdc/ndr.c |
libgssapi-krb5-2 | CVE-2024-26458 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c |
libgssapi-krb5-2 | CVE-2024-26461 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c |
libharfbuzz0b | CVE-2023-25193 | LOW | unknown | 2.7.4-1ubuntu3.1 | N/A | harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks |
libk5crypto3 | CVE-2024-26462 | MEDIUM | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/kdc/ndr.c |
libk5crypto3 | CVE-2024-26458 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c |
libk5crypto3 | CVE-2024-26461 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c |
libkrb5-3 | CVE-2024-26462 | MEDIUM | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/kdc/ndr.c |
libkrb5-3 | CVE-2024-26458 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c |
libkrb5-3 | CVE-2024-26461 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c |
libkrb5support0 | CVE-2024-26462 | MEDIUM | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/kdc/ndr.c |
libkrb5support0 | CVE-2024-26458 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c |
libkrb5support0 | CVE-2024-26461 | LOW | unknown | 1.19.2-2ubuntu0.4 | N/A | krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c |
libncurses6 | CVE-2023-45918 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
libncurses6 | CVE-2023-50495 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: segmentation fault via _nc_wrap_entry() |
libncursesw6 | CVE-2023-45918 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
libncursesw6 | CVE-2023-50495 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: segmentation fault via _nc_wrap_entry() |
libnss-systemd | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
libpam-systemd | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
libpcre3 | CVE-2017-11164 | LOW | unknown | 2:8.39-13ubuntu0.22.04.1 | N/A | pcre: OP_KETRMAX feature in the match function in pcre_exec.c |
libpixman-1-0 | CVE-2023-37769 | MEDIUM | unknown | 0.40.0-1ubuntu0.22.04.1 | N/A | stress-test master commit e4c878 was discovered to contain a FPE vulne ... |
libpng16-16 | CVE-2022-3857 | LOW | unknown | 1.6.37-3build5 | N/A | libpng: Null pointer dereference leads to segmentation fault |
libpython3.10-minimal | CVE-2023-27043 | MEDIUM | unknown | 3.10.12-1~22.04.5 | N/A | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple |
libpython3.10-stdlib | CVE-2023-27043 | MEDIUM | unknown | 3.10.12-1~22.04.5 | N/A | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple |
libssl3 | CVE-2024-41996 | MEDIUM | unknown | 3.0.2-0ubuntu1.17 | N/A | openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations |
libssl3 | CVE-2024-6119 | MEDIUM | unknown | 3.0.2-0ubuntu1.17 | 3.0.2-0ubuntu1.18 | openssl: Possible denial of service in X.509 name checks |
libstdc++6 | CVE-2022-27943 | LOW | unknown | 12.3.0-1ubuntu1~22.04 | N/A | binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const |
libsystemd0 | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
libtiff5 | CVE-2024-6716 | LOW | unknown | 4.3.0-6ubuntu0.10 | N/A | null |
libtinfo6 | CVE-2023-45918 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
libtinfo6 | CVE-2023-50495 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: segmentation fault via _nc_wrap_entry() |
libudev1 | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
libxml-twig-perl | CVE-2016-9180 | LOW | unknown | 1:3.52-1 | N/A | perl-XML-Twig: expand_external_ents option fails to work as documented |
libzstd1 | CVE-2022-4899 | LOW | unknown | 1.4.8+dfsg-3build1 | N/A | zstd: mysql: buffer overrun in util.c |
login | CVE-2023-29383 | LOW | unknown | 1:4.8.1-2ubuntu2.2 | N/A | shadow: Improper input validation in shadow-utils package utility chfn |
ncurses-base | CVE-2023-45918 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
ncurses-base | CVE-2023-50495 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: segmentation fault via _nc_wrap_entry() |
ncurses-bin | CVE-2023-45918 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c |
ncurses-bin | CVE-2023-50495 | LOW | unknown | 6.3-2ubuntu0.1 | N/A | ncurses: segmentation fault via _nc_wrap_entry() |
openssl | CVE-2024-41996 | MEDIUM | unknown | 3.0.2-0ubuntu1.18 | N/A | openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations |
passwd | CVE-2023-29383 | LOW | unknown | 1:4.8.1-2ubuntu2.2 | N/A | shadow: Improper input validation in shadow-utils package utility chfn |
python3.10 | CVE-2023-27043 | MEDIUM | unknown | 3.10.12-1~22.04.5 | N/A | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple |
python3.10-minimal | CVE-2023-27043 | MEDIUM | unknown | 3.10.12-1~22.04.5 | N/A | python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple |
systemd | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
systemd-sysv | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
systemd-timesyncd | CVE-2023-7008 | LOW | unknown | 249.11-0ubuntu3.12 | N/A | systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes |
wget | CVE-2021-31879 | MEDIUM | unknown | 1.21.2-2ubuntu1.1 | N/A | wget: authorization header disclosure on redirect |
xdg-utils | CVE-2022-4055 | LOW | unknown | 1.1.3-4.1ubuntu3~22.04.1 | N/A | xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments |
New security vulnerabilities found. See the details below.