brsolomon-deloitte closed 1 year ago
@davideicardi
Scan results for: image obsidiandynamics/kafdrop:3.30.0 sha256:968db96ba80024c5ad1d24b1d22a05fe644713f28f7ad2c934dc21ac99a24fd9
Vulnerabilities
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2016-1000027 | critical | 9.80 | spring-web | 5.3.18 | fixed in 6.0.0 | > 3 years | < 1 hour | Pivotal Spring Framework through 5.3.16 suffers |
| | | | | | > 8 months ago | | | from a potential remote code execution (RCE) issue |
| | | | | | | | | if used for Java deserialization of untrusted |
| | | | | | | | | data.... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-42004 | high | 7.50 | com.fasterxml.jackson.core_jackson-databind | 2.13.2.2 | fixed in 2.13.4 | > 4 months | < 1 hour | In FasterXML jackson-databind before 2.13.4, |
| | | | | | > 4 months ago | | | resource exhaustion can occur because of a lack of |
| | | | | | | | | a check in BeanDeserializer._deserializeFromArray |
| | | | | | | | | to p... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-42003 | high | 7.50 | com.fasterxml.jackson.core_jackson-databind | 2.13.2.2 | fixed in 2.14.0 | > 4 months | < 1 hour | In FasterXML jackson-databind before 2.14.0-rc1, |
| | | | | | > 4 months ago | | | resource exhaustion can occur because of a lack of |
| | | | | | | | | a check in primitive value deserializers to avoid |
| | | | | | | | | ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-34169 | high | 7.50 | java | 11.0.14 | fixed in 19, 17.0.4.1, 16,... | > 7 months | < 1 hour | The Apache Xalan Java XSLT library is vulnerable |
| | | | | | 75 days ago | | | to an integer truncation issue when processing |
| | | | | | | | | malicious XSLT stylesheets. This can be used to |
| | | | | | | | | corrup... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-25857 | high | 7.50 | org.yaml_snakeyaml | 1.29 | fixed in 1.31 | > 5 months | < 1 hour | The package org.yaml:snakeyaml from 0 and before |
| | | | | | > 5 months ago | | | 1.31 are vulnerable to Denial of Service (DoS) |
| | | | | | | | | due missing to nested depth limitation for |
| | | | | | | | | collections... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-21476 | high | 7.50 | java | 11.0.14 | fixed in 1.7.0_341, 1.8.0_331, 11.0.15, 17.0.3, | > 10 months | < 1 hour | Vulnerability in the Oracle Java SE, Oracle |
| | | | | | 18.0.1 > 7 months ago | | | GraalVM Enterprise Edition product of Oracle Java |
| | | | | | | | | SE (component: Libraries). Supported versions that |
| | | | | | | | | are a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2053 | high | 7.50 | io.undertow_undertow-core | 2.2.16 | fixed in 2.2.19 | > 6 months | < 1 hour | When a POST request comes through AJP |
| | | | | | > 6 months ago | | | and the request exceeds the max-post-size |
| | | | | | | | | limit (maxEntitySize), Undertow\'s |
| | | | | | | | | AjpServerRequestConduit implementat... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1319 | high | 7.50 | io.undertow_undertow-core | 2.2.16 | fixed in 2.2.17.SP3, 2.2.18.Final, 2.3.0.Alpha2, | > 5 months | < 1 hour | A flaw was found in Undertow. For an AJP 400 |
| | | | | | 2.3.0.Final > 5 months ago | | | response, EAP 7 is improperly sending two response |
| | | | | | | | | packets, and those packets have the reuse flag set |
| | | | | | | | | eve... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1259 | high | 7.50 | io.undertow_undertow-core | 2.2.16 | fixed in 2.3.0 | > 5 months | < 1 hour | A flaw was found in Undertow. A potential security |
| | | | | | 75 days ago | | | issue in flow control handling by the browser |
| | | | | | | | | over HTTP/2 may cause overhead or a denial of |
| | | | | | | | | service... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3510 | high | 7.00 | com.google.protobuf_protobuf-java | 3.19.1 | fixed in 3.21.7, 3.20.3, 3.19.6, 3.16.3 | 67 days | < 1 hour | A parsing issue similar to CVE-2022-3171, but |
| | | | | | 59 days ago | | | with Message-Type Extensions in protobuf-java core |
| | | | | | | | | and lite versions prior to 3.21.7, 3.20.3, 3.19.6 |
| | | | | | | | | and... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3509 | high | 7.00 | com.google.protobuf_protobuf-java | 3.19.1 | fixed in 3.21.7, 3.20.3, 3.19.6, 3.16.3 | 67 days | < 1 hour | A parsing issue similar to CVE-2022-3171, but with |
| | | | | | 66 days ago | | | textformat in protobuf-java core and lite versions |
| | | | | | | | | prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can |
| | | | | | | | | l... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-22569 | high | 7.00 | com.google.protobuf_protobuf-java | 3.19.1 | fixed in 3.19.2, 3.18.2, 3.16.1 | > 1 years | < 1 hour | An issue in protobuf-java allowed the interleaving |
| | | | | | > 1 years ago | | | of com.google.protobuf.UnknownFieldSet fields in |
| | | | | | | | | such a way that would be processed out of order. |
| | | | | | | | | A... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2023-0286 | high | 0.00 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.17 | 8 days | < 1 hour | There is a type confusion vulnerability relating |
| | | | | | 9 days ago | | | to X.400 address processing inside an X.509 |
| | | | | | | | | GeneralName. X.400 addresses were parsed as an |
| | | | | | | | | ASN1_STRIN... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-44640 | medium | 9.80 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.3 | 54 days | < 1 hour | Heimdal before 7.7.1 allows remote attackers to |
| | | | | | 35 days ago | | | execute arbitrary code because of an invalid free |
| | | | | | | | | in the ASN.1 codec used by the Key Distribution |
| | | | | | | | | Cent... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-37434 | medium | 9.80 | zlib | 1:1.2.11.dfsg-2ubuntu1.3 | fixed in 1:1.2.11.dfsg-2ubuntu1.5 | > 6 months | < 1 hour | zlib through 1.2.12 has a heap-based buffer |
| | | | | | > 6 months ago | | | over-read or buffer overflow in inflate in |
| | | | | | | | | inflate.c via a large gzip header extra field. |
| | | | | | | | | NOTE: only appli... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-32221 | medium | 9.80 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.14 | 73 days | < 1 hour | When doing HTTP(S) transfers, libcurl |
| | | | | | | | | might erroneously use the read callback |
| | | | | | | | | (`CURLOPT_READFUNCTION`) to ask for data to send, |
| | | | | | | | | even when the `CURLOPT... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-29155 | medium | 9.80 | openldap | 2.4.49+dfsg-2ubuntu1.8 | fixed in 2.4.49+dfsg-2ubuntu1.9 | > 9 months | < 1 hour | In OpenLDAP 2.x before 2.5.12 and 2.6.x before |
| | | | | | > 9 months ago | | | 2.6.2, a SQL injection vulnerability exists in the |
| | | | | | | | | experimental back-sql backend to slapd, via a SQL |
| | | | | | | | | st... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27404 | medium | 9.80 | freetype | 2.10.1-2ubuntu0.1 | fixed in 2.10.1-2ubuntu0.2 | > 10 months | < 1 hour | FreeType commit |
| | | | | | > 10 months ago | | | 1e2eb65048f75c64b68708efed6ce904c31f3b2f was |
| | | | | | | | | discovered to contain a heap buffer overflow via |
| | | | | | | | | the function sfnt_init_face. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2068 | medium | 9.80 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.15 | > 8 months | < 1 hour | In addition to the c_rehash shell command |
| | | | | | > 8 months ago | | | injection identified in CVE-2022-1292, further |
| | | | | | | | | circumstances where the c_rehash script does not |
| | | | | | | | | properly san... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1664 | medium | 9.80 | dpkg | 1.19.7ubuntu3 | fixed in 1.19.7ubuntu3.2 | > 8 months | < 1 hour | Dpkg::Source::Archive in dpkg, the Debian |
| | | | | | > 8 months ago | | | package management system, before version 1.21.8, |
| | | | | | | | | 1.20.10, 1.19.8, 1.18.26 is prone to a directory |
| | | | | | | | | traversal... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1292 | medium | 9.80 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.13 | > 9 months | < 1 hour | The c_rehash script does not properly sanitise |
| | | | | | > 9 months ago | | | shell metacharacters to prevent command injection. |
| | | | | | | | | This script is distributed by some operating |
| | | | | | | | | systems... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-35527 | medium | 9.80 | sqlite3 | 3.31.1-4ubuntu0.2 | fixed in 3.31.1-4ubuntu0.4 | > 5 months | < 1 hour | In SQLite 3.31.1, there is an out of bounds access |
| | | | | | > 5 months ago | | | problem through ALTER TABLE for views that have a |
| | | | | | | | | nested FROM clause. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-42898 | medium | 8.80 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.3 | 54 days | < 1 hour | PAC parsing in MIT Kerberos 5 (aka krb5) before |
| | | | | | 35 days ago | | | 1.19.4 and 1.20.x before 1.20.1 has integer |
| | | | | | | | | overflows that may lead to remote code execution |
| | | | | | | | | (in KDC, ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-42898 | medium | 8.80 | krb5 | 1.17-6ubuntu4.1 | fixed in 1.17-6ubuntu4.2 | 54 days | < 1 hour | PAC parsing in MIT Kerberos 5 (aka krb5) before |
| | | | | | 22 days ago | | | 1.19.4 and 1.20.x before 1.20.1 has integer |
| | | | | | | | | overflows that may lead to remote code execution |
| | | | | | | | | (in KDC, ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1271 | medium | 8.80 | gzip | 1.10-0ubuntu4 | fixed in 1.10-0ubuntu4.1 | > 5 months | < 1 hour | An arbitrary file write vulnerability was found in |
| | | | | | > 5 months ago | | | GNU gzip\'s zgrep utility. When zgrep is applied |
| | | | | | | | | on the attacker\'s chosen file name (for example, |
| | | | | | | | | ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1271 | medium | 8.80 | xz-utils | 5.2.4-1ubuntu1 | fixed in 5.2.4-1ubuntu1.1 | > 5 months | < 1 hour | An arbitrary file write vulnerability was found in |
| | | | | | > 5 months ago | | | GNU gzip\'s zgrep utility. When zgrep is applied |
| | | | | | | | | on the attacker\'s chosen file name (for example, |
| | | | | | | | | ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-40674 | medium | 8.10 | expat | 2.2.9-1ubuntu0.4 | fixed in 2.2.9-1ubuntu0.5 | > 5 months | < 1 hour | libexpat before 2.4.9 has a use-after-free in the |
| | | | | | > 5 months ago | | | doContent function in xmlparse.c. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22576 | medium | 8.10 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.10 | > 8 months | < 1 hour | An improper authentication vulnerability exists |
| | | | | | > 8 months ago | | | in curl 7.33.0 to and including 7.82.0 which |
| | | | | | | | | might allow reuse OAUTH2-authenticated connections |
| | | | | | | | | withou... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-31782 | medium | 7.80 | freetype | 2.10.1-2ubuntu0.1 | fixed in 2.10.1-2ubuntu0.2 | > 8 months | < 1 hour | ftbench.c in FreeType Demo Programs through 2.12.1 |
| | | | | | > 8 months ago | | | has a heap-based buffer overflow. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1304 | medium | 7.80 | e2fsprogs | 1.45.5-2ubuntu1 | fixed in 1.45.5-2ubuntu1.1 | > 10 months | < 1 hour | An out-of-bounds read/write vulnerability was |
| | | | | | > 10 months ago | | | found in e2fsprogs 1.46.5. This issue leads to |
| | | | | | | | | a segmentation fault and possibly arbitrary code |
| | | | | | | | | executio... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-16156 | medium | 7.80 | perl | 5.30.0-9ubuntu0.2 | fixed in 5.30.0-9ubuntu0.3 | > 1 years | < 1 hour | CPAN 2.28 allows Signature Verification Bypass. |
| | | | | | > 1 years ago | | | |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-43680 | medium | 7.50 | expat | 2.2.9-1ubuntu0.4 | fixed in 2.2.9-1ubuntu0.6 | > 3 months | < 1 hour | In libexpat through 2.4.9, there is a use-after |
| | | | | | > 3 months ago | | | free caused by overeager destruction of a |
| | | | | | | | | shared DTD in XML_ExternalEntityParserCreate in |
| | | | | | | | | out-of-memor... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-41916 | medium | 7.50 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.2 | > 3 months | < 1 hour | Heimdal is an implementation of ASN.1/DER, |
| | | | | | 71 days ago | | | PKIX, and Kerberos. Versions prior to 7.7.1 are |
| | | | | | | | | vulnerable to a denial of service vulnerability in |
| | | | | | | | | Heimdal\... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-35737 | medium | 7.50 | sqlite3 | 3.31.1-4ubuntu0.2 | fixed in 3.31.1-4ubuntu0.5 | > 6 months | < 1 hour | SQLite 1.0.12 through 3.39.x before 3.39.2 |
| | | | | | > 6 months ago | | | sometimes allows an array-bounds overflow if |
| | | | | | | | | billions of bytes are used in a string argument to |
| | | | | | | | | a C API. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27782 | medium | 7.50 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.11 | > 8 months | < 1 hour | libcurl would reuse a previously created |
| | | | | | > 8 months ago | | | connection even when a TLS or SSHrelated option |
| | | | | | | | | had been changed that should have prohibited |
| | | | | | | | | reuse.libcurl ke... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2509 | medium | 7.50 | gnutls28 | 3.6.13-2ubuntu1.6 | fixed in 3.6.13-2ubuntu1.7 | > 6 months | < 1 hour | A vulnerability found in gnutls. This security |
| | | | | | > 6 months ago | | | flaw happens because of a double free error |
| | | | | | | | | occurs during verification of pkcs7 signatures in |
| | | | | | | | | gnutls_pk... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-23491 | medium | 7.50 | ca-certificates | 20210119~20.04.2 | fixed in 20211016ubuntu0.20.04.1 | 71 days | < 1 hour | Certifi is a curated collection of Root |
| | | | | | 71 days ago | | | Certificates for validating the trustworthiness of |
| | | | | | | | | SSL certificates while verifying the identity of |
| | | | | | | | | TLS hosts.... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-44758 | medium | 7.50 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.3 | 53 days | < 1 hour | Heimdal before 7.7.1 allows attackers to cause |
| | | | | | 35 days ago | | | a NULL pointer dereference in a SPNEGO acceptor |
| | | | | | | | | via a preferred_mech_type of GSS_C_NO_OID and a |
| | | | | | | | | nonzero... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-36222 | medium | 7.50 | krb5 | 1.17-6ubuntu4.1 | needed | > 1 years | < 1 hour | ec_verify in kdc/kdc_preauth_ec.c in the Key |
| | | | | | | | | Distribution Center (KDC) in MIT Kerberos 5 (aka |
| | | | | | | | | krb5) before 1.18.4 and 1.19.x before 1.19.2 |
| | | | | | | | | allows remo... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-35525 | medium | 7.50 | sqlite3 | 3.31.1-4ubuntu0.2 | fixed in 3.31.1-4ubuntu0.4 | > 5 months | < 1 hour | In SQlite 3.31.1, a potential null pointer |
| | | | | | > 5 months ago | | | derreference was found in the INTERSEC query |
| | | | | | | | | processing. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-41854 | medium | 6.50 | org.yaml_snakeyaml | 1.29 | fixed in 1.32 | > 3 months | < 1 hour | Those using Snakeyaml to parse untrusted YAML |
| | | | | | > 3 months ago | | | files may be vulnerable to Denial of Service |
| | | | | | | | | attacks (DOS). If the parser is running on user |
| | | | | | | | | supplied in... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-38752 | medium | 6.50 | org.yaml_snakeyaml | 1.29 | fixed in 1.32 | > 5 months | < 1 hour | Using snakeYAML to parse untrusted YAML files may |
| | | | | | > 5 months ago | | | be vulnerable to Denial of Service attacks (DOS). |
| | | | | | | | | If the parser is running on user supplied input, |
| | | | | | | | | a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-38751 | medium | 6.50 | org.yaml_snakeyaml | 1.29 | fixed in 1.31 | > 5 months | < 1 hour | Using snakeYAML to parse untrusted YAML files may |
| | | | | | > 5 months ago | | | be vulnerable to Denial of Service attacks (DOS). |
| | | | | | | | | If the parser is running on user supplied input, |
| | | | | | | | | a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-38749 | medium | 6.50 | org.yaml_snakeyaml | 1.29 | fixed in 1.31 | > 5 months | < 1 hour | Using snakeYAML to parse untrusted YAML files may |
| | | | | | > 5 months ago | | | be vulnerable to Denial of Service attacks (DOS). |
| | | | | | | | | If the parser is running on user supplied input, |
| | | | | | | | | a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-34903 | medium | 6.50 | gnupg2 | 2.2.19-3ubuntu2.1 | fixed in 2.2.19-3ubuntu2.2 | > 7 months | < 1 hour | GnuPG through 2.3.6, in unusual situations where |
| | | | | | > 7 months ago | | | an attacker possesses any secret-key information |
| | | | | | | | | from a victim\'s keyring and other constraints |
| | | | | | | | | (e.g.... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3437 | medium | 6.50 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.3 | 36 days | < 1 hour | A heap-based buffer overflow vulnerability was |
| | | | | | 35 days ago | | | found in Samba within the GSSAPI unwrap_des() and |
| | | | | | | | | unwrap_des3() routines of Heimdal. The DES and |
| | | | | | | | | Triple... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-32206 | medium | 6.50 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.12 | > 7 months | < 1 hour | curl < 7.84.0 supports \"chained\" HTTP |
| | | | | | > 7 months ago | | | compression algorithms, meaning that a |
| | | | | | | | | serverresponse can be compressed multiple times |
| | | | | | | | | and potentially with di... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22971 | medium | 6.50 | spring-core | 5.3.18 | fixed in 5.3.20, 5.2.22 | > 9 months | < 1 hour | In spring framework versions prior to 5.3.20+ , |
| | | | | | > 9 months ago | | | 5.2.22+ and old unsupported versions, application |
| | | | | | | | | with a STOMP over WebSocket endpoint is vulnerable |
| | | | | | | | | t... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22971 | medium | 6.50 | spring-web | 5.3.18 | fixed in 5.3.20, 5.2.22 | > 9 months | < 1 hour | In spring framework versions prior to 5.3.20+ , |
| | | | | | 75 days ago | | | 5.2.22+ and old unsupported versions, application |
| | | | | | | | | with a STOMP over WebSocket endpoint is vulnerable |
| | | | | | | | | t... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-37750 | medium | 6.50 | krb5 | 1.17-6ubuntu4.1 | needed | > 1 years | < 1 hour | The Key Distribution Center (KDC) in MIT |
| | | | | | | | | Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x |
| | | | | | | | | before 1.19.3 has a NULL pointer dereference in |
| | | | | | | | | kdc/do_tgs_req... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-32208 | medium | 5.90 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.12 | > 7 months | < 1 hour | When curl < 7.84.0 does FTP transfers secured by |
| | | | | | > 7 months ago | | | krb5, it handles message verification failures |
| | | | | | | | | wrongly. This flaw makes it possible for a |
| | | | | | | | | Man-In-The-... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-21541 | medium | 5.90 | java | 11.0.14 | fixed in 19, 17.0.4.1, 16,... | > 7 months | < 1 hour | Vulnerability in the Oracle Java SE, Oracle |
| | | | | | 75 days ago | | | GraalVM Enterprise Edition product of Oracle Java |
| | | | | | | | | SE (component: Hotspot). Supported versions that |
| | | | | | | | | are aff... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27774 | medium | 5.70 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.10 | > 8 months | < 1 hour | An insufficiently protected credentials |
| | | | | | > 8 months ago | | | vulnerability exists in curl 4.9 to and include |
| | | | | | | | | curl 7.82.0 are affected that could allow an |
| | | | | | | | | attacker to extra... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-38750 | medium | 5.50 | org.yaml_snakeyaml | 1.29 | fixed in 1.31 | > 5 months | < 1 hour | Using snakeYAML to parse untrusted YAML files may |
| | | | | | > 5 months ago | | | be vulnerable to Denial of Service attacks (DOS). |
| | | | | | | | | If the parser is running on user supplied input, |
| | | | | | | | | a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3821 | medium | 5.50 | systemd | 245.4-4ubuntu3.15 | needed | > 3 months | < 1 hour | An off-by-one Error issue was discovered |
| | | | | | | | | in Systemd in format_timespan() function of |
| | | | | | | | | time-util.c. An attacker could supply specific |
| | | | | | | | | values for time an... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22970 | medium | 5.30 | spring-core | 5.3.18 | fixed in 5.3.20, 5.2.22 | > 9 months | < 1 hour | In spring framework versions prior to 5.3.20+ , |
| | | | | | > 9 months ago | | | 5.2.22+ and old unsupported versions, applications |
| | | | | | | | | that handle file uploads are vulnerable to DoS |
| | | | | | | | | atta... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22970 | medium | 5.30 | spring-web | 5.3.18 | fixed in 5.3.20, 5.2.22 | > 9 months | < 1 hour | In spring framework versions prior to 5.3.20+ , |
| | | | | | 75 days ago | | | 5.2.22+ and old unsupported versions, applications |
| | | | | | | | | that handle file uploads are vulnerable to DoS |
| | | | | | | | | atta... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22968 | medium | 5.30 | spring-web | 5.3.18 | fixed in 5.2.0 | > 10 months | < 1 hour | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 |
| | | | | | 75 days ago | | | - 5.2.20, and older unsupported versions, the |
| | | | | | | | | patterns for disallowedFields on a DataBinder are |
| | | | | | | | | cas... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-22968 | medium | 5.30 | spring-core | 5.3.18 | fixed in 5.2.0 | > 10 months | < 1 hour | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 |
| | | | | | > 10 months ago | | | - 5.2.20, and older unsupported versions, the |
| | | | | | | | | patterns for disallowedFields on a DataBinder are |
| | | | | | | | | cas... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-21540 | medium | 5.30 | java | 11.0.14 | fixed in 19, 17.0.4.1, 16,... | > 7 months | < 1 hour | Vulnerability in the Oracle Java SE, Oracle |
| | | | | | 75 days ago | | | GraalVM Enterprise Edition product of Oracle Java |
| | | | | | | | | SE (component: Hotspot). Supported versions that |
| | | | | | | | | are aff... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-21434 | medium | 5.30 | java | 11.0.14 | fixed in 18.0.1, 17.0.3, 11.0.15,... | > 10 months | < 1 hour | Vulnerability in the Oracle Java SE, Oracle |
| | | | | | 75 days ago | | | GraalVM Enterprise Edition product of Oracle Java |
| | | | | | | | | SE (component: Libraries). Supported versions that |
| | | | | | | | | are a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-21426 | medium | 5.30 | java | 11.0.14 | fixed in 18.0.1, 17.0.3, 11.0.15,... | > 10 months | < 1 hour | Vulnerability in the Oracle Java SE, Oracle |
| | | | | | 75 days ago | | | GraalVM Enterprise Edition product of Oracle Java |
| | | | | | | | | SE (component: JAXP). Supported versions that are |
| | | | | | | | | affect... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2097 | medium | 5.30 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.16 | > 7 months | < 1 hour | AES OCB mode for 32-bit x86 platforms using the |
| | | | | | > 7 months ago | | | AES-NI assembly optimised implementation will |
| | | | | | | | | not encrypt the entirety of the data under some |
| | | | | | | | | circumst... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2764 | medium | 4.90 | io.undertow_undertow-core | 2.2.16 | fixed in 2.3.0 | > 5 months | < 1 hour | A flaw was found in Undertow. Denial of service |
| | | | | | 75 days ago | | | can be achieved as Undertow server waits for the |
| | | | | | | | | LAST_CHUNK forever for EJB invocations. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3171 | moderate | 4.00 | com.google.protobuf_protobuf-java | 3.19.1 | fixed in 3.16.3, 3.19.6, 3.20.3, 3.21.7 | > 4 months | < 1 hour | A parsing issue with binary data in protobuf-java |
| | | | | | > 4 months ago | | | core and lite versions prior to 3.21.7, 3.20.3, |
| | | | | | | | | 3.19.6 and 3.16.3 can lead to a denial of service |
| | | | | | | | | at... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2023-23916 | medium | 0.00 | curl | 7.68.0-1ubuntu2.7 | needed | 2 days | < 1 hour | Red Hat\'s versions of the associated software |
| | | | | | | | | have been determined to NOT be affected by |
| | | | | | | | | CVE-2023-23916. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2023-0361 | medium | 0.00 | gnutls28 | 3.6.13-2ubuntu1.6 | needed | 1 days | < 1 hour | A timing side-channel in the handling of RSA |
| | | | | | | | | ClientKeyExchange messages was discovered in |
| | | | | | | | | GnuTLS. This side-channel can be sufficient to |
| | | | | | | | | recover the k... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2023-0215 | medium | 0.00 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.17 | 8 days | < 1 hour | The public API function BIO_new_NDEF is a helper |
| | | | | | 9 days ago | | | function used for streaming ASN.1 data via a BIO. |
| | | | | | | | | It is primarily used internally to OpenSSL to |
| | | | | | | | | suppo... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-45142 | medium | 0.00 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.4 | 9 days | < 1 hour | Red Hat\'s versions of the associated software |
| | | | | | 9 days ago | | | have been determined to NOT be affected by |
| | | | | | | | | CVE-2022-45142. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-4450 | medium | 0.00 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.17 | 8 days | < 1 hour | The function PEM_read_bio_ex() reads a PEM file |
| | | | | | 9 days ago | | | from a BIO and parses and decodes the \"name\" |
| | | | | | | | | (e.g. \"CERTIFICATE\"), any header data and the |
| | | | | | | | | payload... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-43552 | medium | 0.00 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.15 | 7 days | < 1 hour | A use after free vulnerability exists in curl |
| | | | | | 42 days ago | | | <7.87.0. Curl can be asked to *tunnel* virtually |
| | | | | | | | | all protocols it supports through an HTTP proxy. |
| | | | | | | | | HTTP p... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-4304 | medium | 0.00 | openssl | 1.1.1f-1ubuntu2.12 | fixed in 1.1.1f-1ubuntu2.17 | 8 days | < 1 hour | A timing based side channel exists in the OpenSSL |
| | | | | | 9 days ago | | | RSA Decryption implementation which could be |
| | | | | | | | | sufficient to recover a plaintext across a network |
| | | | | | | | | in a... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3116 | medium | 0.00 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.1 | > 4 months | < 1 hour | A flawed logical condition in |
| | | | | | > 4 months ago | | | lib/gssapi/spnego/accept_sec_context.c allows a |
| | | | | | | | | malicious actor to remotely trigger a NULL pointer |
| | | | | | | | | dereference using a c... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1587 | low | 9.10 | pcre2 | 10.34-7 | fixed in 10.34-7ubuntu0.1 | > 9 months | < 1 hour | An out-of-bounds read vulnerability was |
| | | | | | > 9 months ago | | | discovered in the PCRE2 library in the |
| | | | | | | | | get_recurse_data_length() function of the |
| | | | | | | | | pcre2_jit_compile.c file. Thi... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1586 | low | 9.10 | pcre2 | 10.34-7 | fixed in 10.34-7ubuntu0.1 | > 9 months | < 1 hour | An out-of-bounds read vulnerability was |
| | | | | | > 9 months ago | | | discovered in the PCRE2 library in the |
| | | | | | | | | compile_xclass_matchingpath() function of the |
| | | | | | | | | pcre2_jit_compile.c file.... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2019-18276 | low | 7.80 | bash | 5.0-6ubuntu1.1 | fixed in 5.0-6ubuntu1.2 | > 3 years | < 1 hour | An issue was discovered in disable_priv_mode |
| | | | | | > 3 years ago | | | in shell.c in GNU Bash through 5.0 patch 11. By |
| | | | | | | | | default, if Bash is run with its effective UID not |
| | | | | | | | | equal ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27781 | low | 7.50 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.11 | > 8 months | < 1 hour | libcurl provides the `CURLOPT_CERTINFO` option |
| | | | | | > 8 months ago | | | to allow applications torequest details to be |
| | | | | | | | | returned about a server\'s certificate chain.Due |
| | | | | | | | | to an er... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27775 | low | 7.50 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.10 | > 8 months | < 1 hour | An information disclosure vulnerability exists in |
| | | | | | > 8 months ago | | | curl 7.65.0 to 7.82.0 are vulnerable that by using |
| | | | | | | | | an IPv6 address that was in the connection pool |
| | | | | | | | | b... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27406 | low | 7.50 | freetype | 2.10.1-2ubuntu0.1 | fixed in 2.10.1-2ubuntu0.2 | > 10 months | < 1 hour | FreeType commit |
| | | | | | > 10 months ago | | | 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was |
| | | | | | | | | discovered to contain a segmentation violation via |
| | | | | | | | | the function FT_Request_Size. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27405 | low | 7.50 | freetype | 2.10.1-2ubuntu0.1 | fixed in 2.10.1-2ubuntu0.2 | > 10 months | < 1 hour | FreeType commit |
| | | | | | > 10 months ago | | | 53dfdcd8198d2b3201a23c4bad9190519ba918db was |
| | | | | | | | | discovered to contain a segmentation violation via |
| | | | | | | | | the function FNT_Size_Request. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-43618 | low | 7.50 | gmp | 2:6.2.0+dfsg-4 | fixed in 2:6.2.0+dfsg-4ubuntu0.1 | > 1 years | < 1 hour | GNU Multiple Precision Arithmetic Library (GMP) |
| | | | | | > 1 years ago | | | through 6.2.1 has an mpz/inp_raw.c integer |
| | | | | | | | | overflow and resultant buffer overflow via crafted |
| | | | | | | | | input, l... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2019-20838 | low | 7.50 | pcre3 | 2:8.39-12build1 | fixed in 2:8.39-12ubuntu0.1 | > 2 years | < 1 hour | libpcre in PCRE before 8.43 allows a subject |
| | | | | | > 2 years ago | | | buffer over-read in JIT when UTF is disabled, and |
| | | | | | | | | \\X or \\R has more than one fixed quantifier, a |
| | | | | | | | | relate... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27776 | low | 6.50 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.10 | > 8 months | < 1 hour | A insufficiently protected credentials |
| | | | | | > 8 months ago | | | vulnerability in fixed in curl 7.83.0 might leak |
| | | | | | | | | authentication or cookie header data on HTTP |
| | | | | | | | | redirects to the ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-4209 | low | 6.50 | gnutls28 | 3.6.13-2ubuntu1.6 | fixed in 3.6.13-2ubuntu1.7 | > 5 months | < 1 hour | A NULL pointer dereference flaw was found in |
| | | | | | > 5 months ago | | | GnuTLS. As Nettle\'s hash update functions |
| | | | | | | | | internally call memcpy, providing zero-length |
| | | | | | | | | input may cause ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-3671 | low | 6.50 | heimdal | 7.7.0+dfsg-1ubuntu1 | fixed in 7.7.0+dfsg-1ubuntu1.1 | > 1 years | < 1 hour | A null pointer de-reference was found in the way |
| | | | | | > 1 years ago | | | samba kerberos server handled missing sname in |
| | | | | | | | | TGS-REQ (Ticket Granting Server - Request). An |
| | | | | | | | | authent... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2016-2781 | low | 6.50 | coreutils | 8.30-3ubuntu2 | deferred | > 6 years | < 1 hour | chroot in GNU coreutils, when used with |
| | | | | | | | | --userspec, allows local users to escape to the |
| | | | | | | | | parent session via a crafted TIOCSTI ioctl call, |
| | | | | | | | | which pushes ... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2013-4235 | low | 4.70 | shadow | 1:4.8.1-1ubuntu5.20.04.1 | needed | > 3 years | < 1 hour | shadow: TOCTOU (time-of-check time-of-use) race |
| | | | | | | | | condition when copying and removing directory |
| | | | | | | | | trees |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-35252 | low | 3.70 | curl | 7.68.0-1ubuntu2.7 | fixed in 7.68.0-1ubuntu2.13 | > 4 months | < 1 hour | When curl is used to retrieve and parse cookies |
| | | | | | > 4 months ago | | | from a HTTP(S) server, itaccepts cookies using |
| | | | | | | | | control codes that when later are sent back to a |
| | | | | | | | | HTTPse... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-36087 | low | 3.30 | libsepol | 3.0-1 | fixed in 3.0-1ubuntu0.1 | > 1 years | < 1 hour | The CIL compiler in SELinux 3.2 has a heap-based |
| | | | | | > 1 years ago | | | buffer over-read in ebitmap_match_any (called |
| | | | | | | | | indirectly from cil_check_neverallow). This occurs |
| | | | | | | | | beca... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-36086 | low | 3.30 | libsepol | 3.0-1 | fixed in 3.0-1ubuntu0.1 | > 1 years | < 1 hour | The CIL compiler in SELinux 3.2 has a |
| | | | | | > 1 years ago | | | use-after-free in cil_reset_classpermission |
| | | | | | | | | (called from cil_reset_classperms_set and |
| | | | | | | | | cil_reset_classperms_list)... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-36085 | low | 3.30 | libsepol | 3.0-1 | fixed in 3.0-1ubuntu0.1 | > 1 years | < 1 hour | The CIL compiler in SELinux 3.2 has a |
| | | | | | > 1 years ago | | | use-after-free in __cil_verify_classperms |
| | | | | | | | | (called from __verify_map_perm_classperms and |
| | | | | | | | | hashtab_map). |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-36084 | low | 3.30 | libsepol | 3.0-1 | fixed in 3.0-1ubuntu0.1 | > 1 years | < 1 hour | The CIL compiler in SELinux 3.2 has a |
| | | | | | > 1 years ago | | | use-after-free in __cil_verify_classperms |
| | | | | | | | | (called from __cil_verify_classpermission and |
| | | | | | | | | __cil_pre_verify_helper)... |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3857 | low | 0.00 | libpng1.6 | 1.6.37-2 | deferred | > 3 months | < 1 hour | DOCUMENTATION: No description is available for |
| | | | | | | | | this CVE. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3219 | low | 0.00 | gnupg2 | 2.2.19-3ubuntu2.1 | deferred | > 5 months | < 1 hour | DOCUMENTATION: No description is available for |
| | | | | | | | | this CVE. |
+------------------+----------+------+---------------------------------------------+--------------------------+----------------------------------------------------+-------------+------------+----------------------------------------------------+
This issue is stale because it has been open for 30 days with no activity.
not stale
Just released version 3.31.0! https://github.com/obsidiandynamics/kafdrop/releases/tag/3.31.0
The 3.30.0 tag and image have a number of high and critical security vulnerabilities. Please update the dependency stack and push a new version. A number of commits have been made since 3.30.0.