dockerhub.hi.inet evolved 5g fogusnetapp nef_emulator_mongo_1 - Telefonica/Evolved5g-FogusNetApp Wiki

Scan of image: dockerhub.hi.inet/evolved-5g/fogusnetapp-nef_emulator_mongo_1


Summary

| Severity | Number of vulnerabilities |
|---|---|
| HIGH | 4 |
| MEDIUM | 52 |
| LOW | 62 |
| UNKNOWN | 8 |

Vulnerabilities

| Severity | ID | Title | PkgName | InstalledVersion | FixedVersion |
|---|---|---|---|---|---|
| HIGH | CVE-2022-24407 | cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL command | libsasl2-2 | 2.1.27+dfsg-2 | 2.1.27+dfsg-2ubuntu0.1 |
| HIGH | CVE-2022-24407 | cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL command | libsasl2-modules-db | 2.1.27+dfsg-2 | 2.1.27+dfsg-2ubuntu0.1 |
| HIGH | CVE-2022-0778 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | libssl1.1 | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.12 |
| HIGH | CVE-2022-0778 | openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates | openssl | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.12 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | bsdutils | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | bsdutils | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, b ... | dpkg | 1.19.7ubuntu3 | 1.19.7ubuntu3.2 |
| MEDIUM | CVE-2022-1304 | e2fsprogs: out-of-bounds read/write via crafted filesystem | e2fsprogs | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | fdisk | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | fdisk | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2022-1271 | gzip: arbitrary-file-write vulnerability | gzip | 1.10-0ubuntu4 | 1.10-0ubuntu4.1 |
| MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | krb5-locales | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | krb5-locales | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | libblkid1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | libblkid1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3999 | glibc: Off-by-one buffer overflow/underflow in getcwd() | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| MEDIUM | CVE-2021-3999 | glibc: Off-by-one buffer overflow/underflow in getcwd() | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| MEDIUM | CVE-2022-1304 | e2fsprogs: out-of-bounds read/write via crafted filesystem | libcom-err2 | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 |
| MEDIUM | CVE-2022-22576 | curl: OAUTH2 bearer bypass in connection re-use | libcurl4 | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.10 |
| MEDIUM | CVE-2022-27774 | curl: credential leak on redirect | libcurl4 | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.10 |
| MEDIUM | CVE-2022-27782 | curl: TLS and SSH connection too eager reuse | libcurl4 | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.11 |
| MEDIUM | CVE-2022-1304 | e2fsprogs: out-of-bounds read/write via crafted filesystem | libext2fs2 | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | libfdisk1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | libfdisk1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libgssapi-krb5-2 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libgssapi-krb5-2 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libk5crypto3 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libk5crypto3 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libkrb5-3 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libkrb5-3 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-36222 | krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could re | libkrb5support0 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2021-37750 | krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that l | libkrb5support0 | 1.17-6ubuntu4.1 | |
| MEDIUM | CVE-2022-29155 | openldap: OpenLDAP SQL injection | libldap-2.4-2 | 2.4.49+dfsg-2ubuntu1.8 | 2.4.49+dfsg-2ubuntu1.9 |
| MEDIUM | CVE-2022-29155 | openldap: OpenLDAP SQL injection | libldap-common | 2.4.49+dfsg-2ubuntu1.8 | 2.4.49+dfsg-2ubuntu1.9 |
| MEDIUM | CVE-2022-1271 | gzip: arbitrary-file-write vulnerability | liblzma5 | 5.2.4-1ubuntu1 | 5.2.4-1ubuntu1.1 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | libmount1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | libmount1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | libsmartcols1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | libsmartcols1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2020-9794 | | libsqlite3-0 | 3.31.1-4ubuntu0.2 | |
| MEDIUM | CVE-2022-1304 | e2fsprogs: out-of-bounds read/write via crafted filesystem | libss2 | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 |
| MEDIUM | CVE-2022-1292 | openssl: c_rehash script allows command injection | libssl1.1 | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.13 |
| MEDIUM | CVE-2022-2068 | openssl: the c_rehash script allows command injection | libssl1.1 | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.15 |
| MEDIUM | CVE-2021-3997 | systemd: Uncontrolled recursion in systemd-tmpfiles when removing files | libsystemd0 | 245.4-4ubuntu3.13 | 245.4-4ubuntu3.15 |
| MEDIUM | CVE-2021-3997 | systemd: Uncontrolled recursion in systemd-tmpfiles when removing files | libudev1 | 245.4-4ubuntu3.13 | 245.4-4ubuntu3.15 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | libuuid1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | libuuid1 | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2022-1304 | e2fsprogs: out-of-bounds read/write via crafted filesystem | logsave | 1.45.5-2ubuntu1 | 1.45.5-2ubuntu1.1 |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | mount | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | mount | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2022-1292 | openssl: c_rehash script allows command injection | openssl | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.13 |
| MEDIUM | CVE-2022-2068 | openssl: the c_rehash script allows command injection | openssl | 1.1.1f-1ubuntu2.8 | 1.1.1f-1ubuntu2.15 |
| MEDIUM | CVE-2020-16156 | perl-CPAN: Bypass of verification of signatures in CHECKSUMS files | perl-base | 5.30.0-9ubuntu0.2 | |
| MEDIUM | CVE-2021-3995 | util-linux: Unauthorized unmount of FUSE filesystems belonging to users with similar uid | util-linux | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2021-3996 | util-linux: Unauthorized unmount of filesystems in libmount | util-linux | 2.34-0.1ubuntu9.1 | 2.34-0.1ubuntu9.3 |
| MEDIUM | CVE-2018-25032 | zlib: A flaw found in zlib when compressing (not decompressing) certain inputs | zlib1g | 1:1.2.11.dfsg-2ubuntu1.2 | 1:1.2.11.dfsg-2ubuntu1.3 |
| LOW | CVE-2019-18276 | bash: when effective UID is not equal to its real UID the saved UID is not dropped | bash | 5.0-6ubuntu1.1 | 5.0-6ubuntu1.2 |
| LOW | CVE-2016-2781 | coreutils: Non-privileged session can escape to the parent session in chroot | coreutils | 8.30-3ubuntu2 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libasn1-8-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2016-10228 | glibc: iconv program can hang when invoked with the -c option | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2016-20013 | | libc-bin | 2.31-0ubuntu9.2 | |
| LOW | CVE-2019-25013 | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR en | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2020-27618 | glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2020-29562 | glibc: assertion failure in iconv when converting invalid UCS4 | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2020-6096 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2021-27645 | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2021-3326 | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2021-35942 | glibc: Arbitrary read in wordexp() | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2022-23218 | glibc: Stack-based buffer overflow in svcunix_create via long pathnames | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2022-23219 | glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname | libc-bin | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2016-10228 | glibc: iconv program can hang when invoked with the -c option | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2016-20013 | | libc6 | 2.31-0ubuntu9.2 | |
| LOW | CVE-2019-25013 | glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR en | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2020-27618 | glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, wh | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2020-29562 | glibc: assertion failure in iconv when converting invalid UCS4 | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2020-6096 | glibc: signed comparison vulnerability in the ARMv7 memcpy function | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2021-27645 | glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2021-3326 | glibc: Assertion failure in ISO-2022-JP-3 gconv module related to combining characters | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2021-35942 | glibc: Arbitrary read in wordexp() | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2022-23218 | glibc: Stack-based buffer overflow in svcunix_create via long pathnames | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2022-23219 | glibc: Stack-based buffer overflow in sunrpc clnt_create via a long pathname | libc6 | 2.31-0ubuntu9.2 | 2.31-0ubuntu9.7 |
| LOW | CVE-2022-27775 | curl: bad local IPv6 connection reuse | libcurl4 | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.10 |
| LOW | CVE-2022-27776 | curl: auth/cookie leak on redirect | libcurl4 | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.10 |
| LOW | CVE-2022-27781 | curl: CERTINFO never-ending busy-loop | libcurl4 | 7.68.0-1ubuntu2.7 | 7.68.0-1ubuntu2.11 |
| LOW | CVE-2021-43618 | gmp: Integer overflow and resultant buffer overflow via crafted input | libgmp10 | 2:6.2.0+dfsg-4 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libgssapi3-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libhcrypto4-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libheimbase1-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libheimntlm0-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libhx509-5-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libkrb5-26-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-39537 | ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | libncurses6 | 6.2-0ubuntu2 | |
| LOW | CVE-2022-29458 | ncurses: segfaulting OOB read | libncurses6 | 6.2-0ubuntu2 | |
| LOW | CVE-2021-39537 | ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | libncursesw6 | 6.2-0ubuntu2 | |
| LOW | CVE-2022-29458 | ncurses: segfaulting OOB read | libncursesw6 | 6.2-0ubuntu2 | |
| LOW | CVE-2022-1586 | pcre2: Out-of-bounds read in compile_xclass_matchingpath in pcre2_jit_compile.c | libpcre2-8-0 | 10.34-7 | |
| LOW | CVE-2022-1587 | pcre2: Out-of-bounds read in get_recurse_data_length in pcre2_jit_compile.c | libpcre2-8-0 | 10.34-7 | |
| LOW | CVE-2017-11164 | pcre: OP_KETRMAX feature in the match function in pcre_exec.c | libpcre3 | 2:8.39-12build1 | |
| LOW | CVE-2019-20838 | pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 | libpcre3 | 2:8.39-12build1 | 2:8.39-12ubuntu0.1 |
| LOW | CVE-2020-14155 | pcre: Integer overflow when parsing callout numeric arguments | libpcre3 | 2:8.39-12build1 | 2:8.39-12ubuntu0.1 |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libroken18-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2021-36084 | libsepol: use-after-free in __cil_verify_classperms() | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 |
| LOW | CVE-2021-36085 | libsepol: use-after-free in __cil_verify_classperms() | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 |
| LOW | CVE-2021-36086 | libsepol: use-after-free in cil_reset_classpermission() | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 |
| LOW | CVE-2021-36087 | libsepol: heap-based buffer overflow in ebitmap_match_any() | libsepol1 | 3.0-1 | 3.0-1ubuntu0.1 |
| LOW | CVE-2020-9849 | | libsqlite3-0 | 3.31.1-4ubuntu0.2 | |
| LOW | CVE-2020-9991 | | libsqlite3-0 | 3.31.1-4ubuntu0.2 | |
| LOW | CVE-2021-36690 | ** DISPUTED ** A segmentation fault can occur in the sqlite3.exe comma ... | libsqlite3-0 | 3.31.1-4ubuntu0.2 | 3.31.1-4ubuntu0.3 |
| LOW | CVE-2021-39537 | ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | libtinfo6 | 6.2-0ubuntu2 | |
| LOW | CVE-2022-29458 | ncurses: segfaulting OOB read | libtinfo6 | 6.2-0ubuntu2 | |
| LOW | CVE-2021-3671 | samba: Null pointer dereference on missing sname in TGS-REQ | libwind0-heimdal | 7.7.0+dfsg-1ubuntu1 | |
| LOW | CVE-2013-4235 | shadow-utils: TOCTOU race conditions by copying and removing directory trees | login | 1:4.8.1-1ubuntu5.20.04.1 | |
| LOW | CVE-2021-39537 | ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | ncurses-base | 6.2-0ubuntu2 | |
| LOW | CVE-2022-29458 | ncurses: segfaulting OOB read | ncurses-base | 6.2-0ubuntu2 | |
| LOW | CVE-2021-39537 | ncurses: heap-based buffer overflow in _nc_captoinfo() in captoinfo.c | ncurses-bin | 6.2-0ubuntu2 | |
| LOW | CVE-2022-29458 | ncurses: segfaulting OOB read | ncurses-bin | 6.2-0ubuntu2 | |
| LOW | CVE-2013-4235 | shadow-utils: TOCTOU race conditions by copying and removing directory trees | passwd | 1:4.8.1-1ubuntu5.20.04.1 | |
| LOW | CVE-2021-20193 | tar: Memory leak in read_header() in list.c | tar | 1.30+dfsg-7ubuntu0.20.04.1 | 1.30+dfsg-7ubuntu0.20.04.2 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |
| UNKNOWN | CVE-2021-38561 | | golang.org/x/text | v0.3.5 | 0.3.7 |

Date: 2022-06-23