Open armorcodegithubpreprod[bot] opened 6 months ago
Finding [47833483|https://preprod.armorcode.ai/#/findings/257/1167/47833483], [47833398|https://preprod.armorcode.ai/#/findings/257/1167/47833398], [47833488|https://preprod.armorcode.ai/#/findings/257/1167/47833488], [47833489|https://preprod.armorcode.ai/#/findings/257/1167/47833489], [47833381|https://preprod.armorcode.ai/#/findings/257/1167/47833381], [47833490|https://preprod.armorcode.ai/#/findings/257/1167/47833490] are Mitigated
by SYSTEM via ArmorCode Platform
Findings for Container Security, Low, [TheRedHatter/javagoof:Dockerfile]:Use After Free
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
tiff
package.DISPUTED In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libsepol
package.The CIL compiler in SELinux 3.2 has a use-after-free in cil_verify_classperms (called from verify_map_perm_classperms and hashtab_map).
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libsepol
package.The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libsepol
package.The CIL compiler in SELinux 3.2 has a use-after-free in cil_verify_classperms (called from cil_verify_classpermission and __cil_pre_verify_helper).
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
sqlite3
package.In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
NVD Description
Note: Versions mentioned in the description apply to the upstream
libxkbcommon
package.An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other impact by supplying a crafted keymap file.
References
Origin : null Type : null Image Id : null
Snyk Project Status: Active