CVE-2023-52425 - HIGH severity - expat: parsing large tokens can trigger a denial of service vulnerability in libexpat

CVE-2024-28757 - HIGH severity - expat: XML Entity Expansion vulnerability in libexpat

CVE-2024-25062 - HIGH severity - libxml2: use-after-free in XMLReader vulnerability in libxml2

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2022-37434 - CRITICAL severity - zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field vulnerability in zlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2022-24775 - HIGH severity - guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ... vulnerability in guzzlehttp/psr7

CVE-2023-29197 - HIGH severity - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ... vulnerability in guzzlehttp/psr7

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-2398 - HIGH severity - curl: HTTP/2 push headers memory-leak vulnerability in curl

CVE-2024-6197 - HIGH severity - curl: freeing stack buffer in utf8asn1str vulnerability in curl

CVE-2024-33871 - HIGH severity - ghostscript: OPVP device arbitrary code execution via custom Driver library vulnerability in ghostscript

CVE-2024-32002 - CRITICAL severity - git: Recursive clones RCE vulnerability in git

CVE-2024-32004 - HIGH severity - git: RCE while cloning local repos vulnerability in git

CVE-2024-32465 - HIGH severity - git: additional local RCE vulnerability in git

CVE-2024-32002 - CRITICAL severity - git: Recursive clones RCE vulnerability in git-perl

CVE-2024-32004 - HIGH severity - git: RCE while cloning local repos vulnerability in git-perl

CVE-2024-32465 - HIGH severity - git: additional local RCE vulnerability in git-perl

CVE-2024-2398 - HIGH severity - curl: HTTP/2 push headers memory-leak vulnerability in libcurl

CVE-2024-32002 - CRITICAL severity - git: Recursive clones RCE vulnerability in git

CVE-2024-32004 - HIGH severity - git: RCE while cloning local repos vulnerability in git

CVE-2024-32465 - HIGH severity - git: additional local RCE vulnerability in git

CVE-2024-2398 - HIGH severity - curl: HTTP/2 push headers memory-leak vulnerability in libcurl

CVE-2024-6197 - HIGH severity - curl: freeing stack buffer in utf8asn1str vulnerability in libcurl

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib

CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib

CVE-2023-45283 - HIGH severity - The filepath package does not recognize paths with a \??\ prefix as sp ... vulnerability in stdlib

CVE-2023-44487 - HIGH severity - HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) vulnerability in libnghttp2-14

GHSA-xpw8-rcwv-8f8p - HIGH severity - io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack vulnerability in io.netty:netty-codec-http2

CVE-2023-34054 - HIGH severity - Reactor Netty HTTP Server denial of service vulnerability vulnerability in io.projectreactor.netty:reactor-netty-core

CVE-2023-34062 - HIGH severity - reactor-netty-http: directory traversal vulnerability vulnerability in io.projectreactor.netty:reactor-netty-http

CVE-2023-1370 - HIGH severity - json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion) vulnerability in net.minidev:json-smart

CVE-2024-25710 - HIGH severity - commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file vulnerability in org.apache.commons:commons-compress

CVE-2024-35241 - HIGH severity - Composer is a dependency manager for PHP. On the 2.x branch prior to v ... vulnerability in composer

CVE-2024-35242 - HIGH severity - Composer is a dependency manager for PHP. On the 2.x branch prior to v ... vulnerability in composer

CVE-2024-2398 - HIGH severity - curl: HTTP/2 push headers memory-leak vulnerability in curl

CVE-2024-6197 - HIGH severity - curl: freeing stack buffer in utf8asn1str vulnerability in curl

CVE-2024-32002 - CRITICAL severity - git: Recursive clones RCE vulnerability in git

CVE-2024-32004 - HIGH severity - git: RCE while cloning local repos vulnerability in git

CVE-2024-32465 - HIGH severity - git: additional local RCE vulnerability in git

CVE-2024-2398 - HIGH severity - curl: HTTP/2 push headers memory-leak vulnerability in libcurl

CVE-2024-6197 - HIGH severity - curl: freeing stack buffer in utf8asn1str vulnerability in libcurl

CVE-2024-6387 - HIGH severity - openssh: regreSSHion - race condition in SSH allows RCE/DoS vulnerability in openssh

CVE-2024-2398 - HIGH severity - curl: HTTP/2 push headers memory-leak vulnerability in curl

CVE-2022-48622 - HIGH severity - gnome: heap memory corruption on gdk-pixbuf vulnerability in gir1.2-gdkpixbuf-2.0

CVE-2024-32002 - CRITICAL severity - git: Recursive clones RCE vulnerability in git

CVE-2023-25652 - HIGH severity - git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents vulnerability in git

CVE-2023-29007 - HIGH severity - git: arbitrary configuration injection when renaming or deleting a section from a configuration file vulnerability in git

CVE-2024-32004 - HIGH severity - git: RCE while cloning local repos vulnerability in git

CVE-2024-32465 - HIGH severity - git: additional local RCE vulnerability in git

CVE-2024-32002 - CRITICAL severity - git: Recursive clones RCE vulnerability in git-man

CVE-2023-25652 - HIGH severity - git: by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents vulnerability in git-man

CVE-2023-29007 - HIGH severity - git: arbitrary configuration injection when renaming or deleting a section from a configuration file vulnerability in git-man

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-4603 - MEDIUM severity - openssl: Excessive time spent checking DSA keys and parameters vulnerability in libcrypto3

CVE-2024-4741 - MEDIUM severity - openssl: Use After Free with SSL_free_buffers vulnerability in libcrypto3

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2023-39326 - MEDIUM severity - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests vulnerability in stdlib

CVE-2023-45284 - MEDIUM severity - On Windows, The IsLocal function does not correctly detect reserved de ... vulnerability in stdlib

CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib

CVE-2023-45290 - MEDIUM severity - golang: net/http: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib

CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib

CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib

CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib

CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib

CVE-2024-24791 - MEDIUM severity - net/http: Denial of service due to improper 100-continue handling in net/http vulnerability in stdlib

CVE-2024-24786 - MEDIUM severity - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON vulnerability in google.golang.org/protobuf

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-4603 - MEDIUM severity - openssl: Excessive time spent checking DSA keys and parameters vulnerability in libcrypto3

CVE-2024-4741 - MEDIUM severity - openssl: Use After Free with SSL_free_buffers vulnerability in libcrypto3

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-39326 - MEDIUM severity - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests vulnerability in stdlib

CVE-2023-45284 - MEDIUM severity - On Windows, The IsLocal function does not correctly detect reserved de ... vulnerability in stdlib

CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib

CVE-2023-45290 - MEDIUM severity - golang: net/http: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib

CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib

CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib

CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib

CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib

CVE-2024-24791 - MEDIUM severity - net/http: Denial of service due to improper 100-continue handling in net/http vulnerability in stdlib

CVE-2024-24786 - MEDIUM severity - golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON vulnerability in google.golang.org/protobuf

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2024-7264 - MEDIUM severity - curl: libcurl: ASN.1 date parser overread vulnerability in curl

CVE-2024-7264 - MEDIUM severity - curl: libcurl: ASN.1 date parser overread vulnerability in libcurl

CVE-2023-39326 - MEDIUM severity - golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests vulnerability in stdlib

CVE-2023-45284 - MEDIUM severity - On Windows, The IsLocal function does not correctly detect reserved de ... vulnerability in stdlib

CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib

CVE-2023-45290 - MEDIUM severity - golang: net/http: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib

CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib

CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib

CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib

CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-35235 - MEDIUM severity - cups: Cupsd Listen arbitrary chmod 0140777 vulnerability in cups-libs

CVE-2024-0853 - MEDIUM severity - curl: OCSP verification bypass with TLS session reuse vulnerability in curl

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-4603 - MEDIUM severity - openssl: Excessive time spent checking DSA keys and parameters vulnerability in libcrypto3

CVE-2024-4741 - MEDIUM severity - openssl: Use After Free with SSL_free_buffers vulnerability in libcrypto3

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2024-28085 - MEDIUM severity - util-linux: CVE-2024-28085: wall: escape sequence injection vulnerability in bsdutils

CVE-2023-46218 - MEDIUM severity - curl: information disclosure by exploiting a mixed case flaw vulnerability in curl

CVE-2024-2398 - MEDIUM severity - curl: HTTP/2 push headers memory-leak vulnerability in curl

CVE-2024-7264 - MEDIUM severity - curl: libcurl: ASN.1 date parser overread vulnerability in curl

CVE-2024-28085 - MEDIUM severity - util-linux: CVE-2024-28085: wall: escape sequence injection vulnerability in fdisk

CVE-2024-28085 - MEDIUM severity - util-linux: CVE-2024-28085: wall: escape sequence injection vulnerability in libblkid1

CVE-2024-2961 - MEDIUM severity - glibc: Out of bounds write in iconv may lead to remote code execution vulnerability in libc-bin

CVE-2024-33599 - MEDIUM severity - glibc: stack-based buffer overflow in netgroup cache vulnerability in libc-bin

CVE-2024-33600 - MEDIUM severity - glibc: null pointer dereferences after failed netgroup cache insertion vulnerability in libc-bin

CVE-2024-33601 - MEDIUM severity - glibc: netgroup cache may terminate daemon on memory allocation failure vulnerability in libc-bin

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox

CVE-2023-42363 - MEDIUM severity - busybox: use-after-free in awk vulnerability in busybox-binsh

CVE-2023-42364 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42365 - MEDIUM severity - busybox: use-after-free vulnerability in busybox-binsh

CVE-2023-42366 - MEDIUM severity - busybox: A heap-buffer-overflow vulnerability in busybox-binsh

CVE-2024-0853 - MEDIUM severity - curl: OCSP verification bypass with TLS session reuse vulnerability in curl

CVE-2024-2004 - MEDIUM severity - curl: Usage of disabled protocol vulnerability in curl

The following actions use a deprecated Node.js version and will be forced to run on node20: github/codeql-action/upload-sarif@v2. For more info: https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/

CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in cpp-12

CVE-2024-2004 - MEDIUM severity - curl: Usage of disabled protocol vulnerability in curl

CVE-2024-7264 - MEDIUM severity - curl: libcurl: ASN.1 date parser overread vulnerability in curl

CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in g++-12

CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in gcc-12

CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in gcc-12-base

CVE-2024-26458 - MEDIUM severity - krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c vulnerability in krb5-multidev

CVE-2024-26461 - MEDIUM severity - krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c vulnerability in krb5-multidev

CVE-2023-49582 - MEDIUM severity - APR: Lax permissions in Apache Portable Runtime shared memory vulnerability in libapr1

CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in libasan8

CodeQL Action v2 will be deprecated on December 5th, 2024. Please update all occurrences of the CodeQL Action in your workflow files to v3. For more information, see https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/

CVE-2024-1580 - UNKNOWN severity - An integer overflow in dav1d AV1 decoder that can occur when decoding ... vulnerability in libdav1d

CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in libcrypto3

CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in libssl3

CVE-2024-32020 - LOW severity - git: insecure hardlinks vulnerability in git

CVE-2024-32021 - LOW severity - git: symlink bypass vulnerability in git

CVE-2024-32020 - LOW severity - git: insecure hardlinks vulnerability in git-perl

CVE-2024-32021 - LOW severity - git: symlink bypass vulnerability in git-perl

CVE-2024-34397 - LOW severity - glib2: Signal subscription vulnerabilities vulnerability in glib

CVE-2024-22018 - LOW severity - nodejs: fs.lstat bypasses permission model vulnerability in nodejs

CVE-2024-36137 - LOW severity - nodejs: fs.fchown/fchmod bypasses permission model vulnerability in nodejs

CVE-2024-32020 - LOW severity - git: insecure hardlinks vulnerability in perl-git

CVE-2024-32021 - LOW severity - git: symlink bypass vulnerability in perl-git

CVE-2022-30629 - LOW severity - golang: crypto/tls: session tickets lack random ticket_age_add vulnerability in stdlib

CVE-2024-32020 - LOW severity - git: insecure hardlinks vulnerability in git

CVE-2024-32021 - LOW severity - git: symlink bypass vulnerability in git

CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in libcrypto3

CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in libssl3

CVE-2016-2781 - LOW severity - coreutils: Non-privileged session can escape to the parent session in chroot vulnerability in coreutils

CVE-2023-38546 - LOW severity - curl: cookie injection with none file vulnerability in curl

CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpgv

CVE-2016-20013 - LOW severity - sha256crypt and sha512crypt through 0.6 allow... vulnerability in libc-bin

CVE-2023-4806 - LOW severity - glibc: potential use-after-free in getaddrinfo() vulnerability in libc-bin

CVE-2023-4813 - LOW severity - glibc: potential use-after-free in gaih_inet() vulnerability in libc-bin

CVE-2016-20013 - LOW severity - sha256crypt and sha512crypt through 0.6 allow... vulnerability in libc6

CVE-2023-4806 - LOW severity - glibc: potential use-after-free in getaddrinfo() vulnerability in libc6

CVE-2023-4813 - LOW severity - glibc: potential use-after-free in gaih_inet() vulnerability in libc6

CVE-2023-38546 - LOW severity - curl: cookie injection with none file vulnerability in libcurl4

CVE-2024-32020 - LOW severity - git: insecure hardlinks vulnerability in git

CVE-2024-32021 - LOW severity - git: symlink bypass vulnerability in git

CVE-2022-30629 - LOW severity - golang: crypto/tls: session tickets lack random ticket_age_add vulnerability in stdlib

CVE-2022-30629 - LOW severity - golang: crypto/tls: session tickets lack random ticket_age_add vulnerability in stdlib

CVE-2011-3374 - LOW severity - It was found that apt-key in apt, all versions, do not correctly valid ... vulnerability in apt

TEMP-0841856-B18BAF - LOW severity - [Privilege escalation possible to other user than root] vulnerability in bash

CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils

CVE-2018-18483 - LOW severity - binutils: Integer overflow in cplus-dem.c:get_count() allows for denial of service vulnerability in binutils

CVE-2018-20673 - LOW severity - libiberty: Integer overflow in demangle_template() function vulnerability in binutils

CVE-2018-20712 - LOW severity - libiberty: heap-based buffer over-read in d_expression_1 vulnerability in binutils

CVE-2018-9996 - LOW severity - binutils: Stack-overflow in libiberty/cplus-dem.c causes crash vulnerability in binutils

CVE-2021-32256 - LOW severity - binutils: stack-overflow issue in demangle_type in rust-demangle.c. vulnerability in binutils

CVE-2023-1972 - LOW severity - binutils: Illegal memory access when accessing a zer0-lengthverdef table vulnerability in binutils