Security Report: Image Vulnerabilities

[github-actions[bot]]

Last scan date

1/12/2024

Present Vulnerabilities

Vulnerability ID	PkgName	Title	Severity	Status	Fixed Version	Published Date	Affects	Links
CVE-2022-32207	curl	Unpreserved file permissions	CRITICAL	fixed	7.80.0-r2	2022-07-07T13:15:08.403Z	frontend
CVE-2022-32221	curl	POST following PUT confusion	CRITICAL	fixed	7.80.0-r4	2022-12-05T22:15:10.343Z	frontend
CVE-2023-23914	curl	curl: HSTS ignored on multiple requests	CRITICAL	fixed	7.80.0-r6	2023-02-23T20:15:13.637Z	frontend
CVE-2023-38545	curl	curl: heap based buffer overflow in the SOCKS5 proxy handshake	CRITICAL	fixed	8.4.0-r0	2023-10-18T04:15:11.077Z	frontend
CVE-2022-27780	curl	curl: percent-encoded path separator in URL host	HIGH	fixed	7.80.0-r2	2022-06-02T14:15:44.267Z	frontend
CVE-2022-27781	curl	CERTINFO never-ending busy-loop	HIGH	fixed	7.80.0-r2	2022-06-02T14:15:44.467Z	frontend
CVE-2022-27782	curl	TLS and SSH connection too eager reuse	HIGH	fixed	7.80.0-r2	2022-06-02T14:15:44.663Z	frontend
CVE-2022-42915	curl	HTTP proxy double-free	HIGH	fixed	7.80.0-r4	2022-10-29T20:15:09.7Z	frontend
CVE-2022-42916	curl	HSTS bypass via IDN	HIGH	fixed	7.80.0-r4	2022-10-29T02:15:09.047Z	frontend
CVE-2022-43551	curl	curl: HSTS bypass via IDN	HIGH	fixed	7.80.0-r5	2022-12-23T15:15:15.777Z	frontend
CVE-2023-27533	curl	curl: TELNET option IAC injection	HIGH	fixed	8.0.1-r0	2023-03-30T20:15:07.373Z	frontend
CVE-2023-27534	curl	curl: SFTP path ~ resolving discrepancy	HIGH	fixed	8.0.1-r0	2023-03-30T20:15:07.427Z	frontend
CVE-2023-28319	curl	use after free in SSH sha256 fingerprint check	HIGH	fixed	8.1.0-r0	2023-05-26T21:15:10.02Z	frontend
CVE-2023-38039	curl	curl: out of heap memory issue due to missing limit on header quantity	HIGH	fixed	8.3.0-r0	2023-09-15T04:15:10.127Z	frontend
CVE-2022-27405	freetype	FreeType: Segmentation violation via FNT_Size_Request	HIGH	fixed	2.11.1-r2	2022-04-22T14:15:09.483Z	frontend
CVE-2022-27406	freetype	Freetype: Segmentation violation via FT_Request_Size	HIGH	fixed	2.11.1-r2	2022-04-22T14:15:09.537Z	frontend
CVE-2022-4450	libcrypto1.1	openssl: double free after calling PEM_read_bio_ex	HIGH	fixed	1.1.1t-r0	2023-02-08T20:15:23.973Z	frontend api blockchain provisioning excel-export-service email-notification-service storage-service logging-service migration frontend-collector
CVE-2023-0215	libcrypto1.1	openssl: use-after-free following BIO_new_NDEF	HIGH	fixed	1.1.1t-r0	2023-02-08T20:15:24.107Z	frontend api blockchain provisioning excel-export-service email-notification-service storage-service logging-service migration frontend-collector
CVE-2023-0286	libcrypto1.1	openssl: X.400 address type confusion in X.509 GeneralName	HIGH	fixed	1.1.1t-r0	2023-02-08T20:15:24.267Z	frontend api blockchain provisioning excel-export-service email-notification-service storage-service logging-service migration frontend-collector	https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5
CVE-2023-0464	libcrypto1.1	openssl: Denial of service by excessive resource usage in verifying X509 policy constraints	HIGH	fixed	1.1.1t-r2	2023-03-22T17:15:13.13Z	frontend api blockchain provisioning excel-export-service email-notification-service storage-service logging-service migration frontend-collector
CVE-2023-1999	libwebp	Mozilla: libwebp: Double-free in libwebp	HIGH	fixed	1.2.2-r1	2023-06-20T12:15:09.6Z	frontend
CVE-2023-4863	libwebp	libwebp: Heap buffer overflow in WebP Codec	HIGH	fixed	1.2.2-r2	2023-09-12T15:15:24.327Z	frontend
CVE-2022-2309	libxml2	lxml: NULL Pointer Dereference in lxml	HIGH	fixed	2.9.14-r1	2022-07-05T10:15:08.763Z	frontend	https://github.com/advisories/GHSA-wrxv-2j5q-m38w
CVE-2022-40303	libxml2	libxml2: integer overflows with XML_PARSE_HUGE	HIGH	fixed	2.9.14-r2	2022-11-23T00:15:11.007Z	frontend
CVE-2022-40304	libxml2	libxml2: dict corruption caused by entity reference cycles	HIGH	fixed	2.9.14-r2	2022-11-23T18:15:12.167Z	frontend
CVE-2022-29458	ncurses-libs	segfaulting OOB read	HIGH	fixed	6.3_p20211120-r1	2022-04-18T21:15:07.6Z	frontend api blockchain
CVE-2023-29491	ncurses-libs	ncurses: Local users can trigger security-relevant memory corruption via malformed data	HIGH	fixed	6.3_p20211120-r2	2023-04-14T01:15:08.57Z	frontend api blockchain
CVE-2023-35945	nghttp2-libs	HTTP/2 memory leak in nghttp2 codec	HIGH	fixed	1.46.0-r1	2023-07-13T21:15:08.88Z	frontend	https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
CVE-2023-44487	nghttp2-libs	HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)	HIGH	fixed	1.46.0-r2	2023-10-10T14:15:10.883Z	frontend e2e-test	https://github.com/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/advisories/GHSA-vx74-f528-fxqg https://github.com/advisories/GHSA-xpw8-rcwv-8f8p https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3 https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
CVE-2022-1586	pcre2	pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c	CRITICAL	fixed	10.40-r0	2022-05-16T21:15:07.793Z	frontend api blockchain
CVE-2022-1587	pcre2	pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c	CRITICAL	fixed	10.40-r0	2022-05-16T21:15:07.847Z	frontend api blockchain
CVE-2022-41409	pcre2	Integer overflow vulnerability in pcre2test before 10.41 allows attack ...	HIGH	fixed	10.42-r0	2023-07-18T14:15:12.197Z	frontend
CVE-2022-37434	zlib	zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field	CRITICAL	fixed	1.2.12-r2	2022-08-05T07:15:07.24Z	frontend api blockchain provisioning excel-export-service email-notification-service storage-service logging-service migration frontend-collector
CVE-2021-3999	libc-bin	Off-by-one buffer overflow/underflow in getcwd()	HIGH	fixed	2.31-13+deb11u4	2022-08-24T16:15:09.077Z	api blockchain
CVE-2023-4911	libc-bin	glibc: buffer overflow in ld.so leading to privilege escalation	HIGH	fixed	2.31-13+deb11u7	2023-10-03T18:15:10.463Z	api blockchain
CVE-2022-2509	libgnutls30	gnutls: Double free during gnutls_pkcs7_verify	HIGH	fixed	3.7.1-5+deb11u2	2022-08-01T14:15:09.89Z	api blockchain
CVE-2023-0361	libgnutls30	gnutls: timing side-channel in the TLS RSA key exchange code	HIGH	fixed	3.7.1-5+deb11u3	2023-02-15T18:15:11.683Z	api blockchain
CVE-2022-42898	libgssapi-krb5-2	krb5: integer overflow vulnerabilities in PAC parsing	HIGH	fixed	1.18.3-6+deb11u3	2022-12-25T06:15:09.427Z	api blockchain	https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c
CVE-2022-2068	libssl1.1	openssl: the c_rehash script allows command injection	CRITICAL	fixed	1.1.1n-0+deb11u3	2022-06-21T15:15:09.06Z	api blockchain
CVE-2021-46848	libtasn1-6	libtasn1: Out-of-bound access in ETYPE_OK	CRITICAL	fixed	4.16.0-2+deb11u1	2022-10-24T14:15:49.973Z	api blockchain
CVE-2023-25775	linux-libc-dev	kernel: irdma: Improper access control	CRITICAL	fixed	5.10.205-2	2023-08-11T03:15:18.94Z	api
CVE-2023-35827	linux-libc-dev	race condition leading to use-after-free in ravb_remove()	HIGH	fixed	5.10.205-2	2023-06-18T22:15:09.373Z	api
CVE-2023-46813	linux-libc-dev	kernel: SEV-ES local priv escalation	HIGH	fixed	5.10.205-2	2023-10-27T03:15:08.27Z	api
CVE-2023-5178	linux-libc-dev	kernel: use after free in nvmet_tcp_free_crypto in NVMe	HIGH	fixed	5.10.205-2	2023-11-01T17:15:11.92Z	api
CVE-2023-51780	linux-libc-dev	kernel: use-after-free in net/atm/ioctl.c	HIGH	fixed	5.10.205-2	2024-01-11T19:15:12.5Z	api
CVE-2023-51781	linux-libc-dev	kernel: use-after-free in net/appletalk/ddp.c	HIGH	fixed	5.10.205-2	2024-01-11T19:15:12.553Z	api
CVE-2023-5717	linux-libc-dev	kernel: A heap out-of-bounds write	HIGH	fixed	5.10.205-2	2023-10-25T18:17:43.913Z	api
CVE-2023-6531	linux-libc-dev	kernel: GC's deletion of an SKB races with unix_stream_read_generic() leading to UAF	HIGH	fixed	5.10.205-2	-	api
CVE-2023-6817	linux-libc-dev	kernel: inactive elements in nft_pipapo_walk	HIGH	fixed	5.10.205-2	2023-12-18T15:15:10.21Z	api
CVE-2023-6931	linux-libc-dev	kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size	HIGH	fixed	5.10.205-2	2023-12-19T14:15:08.277Z	api
CVE-2023-6932	linux-libc-dev	kernel: use-after-free in IPv4 IGMP	HIGH	fixed	5.10.205-2	2023-12-19T14:15:08.46Z	api
CVE-2021-46828	libtirpc-common	libtirpc: DoS vulnerability with lots of connections	HIGH	fixed	1.3.1-1+deb11u1	2022-07-20T06:15:07.907Z	blockchain
CVE-2022-30065	busybox	busybox: A use-after-free in Busybox's awk applet leads to denial of service	HIGH	fixed	1.35.0-r15	2022-05-18T15:15:10.24Z	provisioning excel-export-service email-notification-service storage-service logging-service migration frontend-collector
CVE-2021-41617	openssh-client	privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured	HIGH	fixed	1:8.4p1-5+deb11u3	2021-09-26T19:15:07.263Z	e2e-test
CVE-2023-5367	xserver-common	xorg-x11-server: Out-of-bounds write in XIChangeDeviceProperty/RRChangeOutputProperty	HIGH	fixed	2:1.20.11-1+deb11u8	2023-10-25T20:15:18.323Z	e2e-test
CVE-2023-6377	xserver-common	xorg-x11-server: out-of-bounds memory reads/writes in XKB button actions	HIGH	fixed	2:1.20.11-1+deb11u10	2023-12-13T07:15:30.03Z	e2e-test
CVE-2023-6478	xserver-common	xorg-x11-server: out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty	HIGH	fixed	2:1.20.11-1+deb11u9	2023-12-13T07:15:31.213Z	e2e-test

[SamuelPull]

Closing this issue and triggering scan manually.