v2.17.0 Security vulnerability report images
System bot edited this page May 18, 2025 · 177 revisions

| SUBSCRIPTIONID | RESOURCEGROUP | VULNID | IDENTIFICATIONDATE | CATEGORY | CVE | CVSS | SEVERITY | DISPLAYNAME | RESOURCEID | RESOURCEID_SINGLE | AKTIV | HOST | OSDETAILS |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | provisioning-v2.17.0 | provisioning-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | excel-export-service-v2.17.0 | excel-export-service-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | email-notification-service-v2.17.0 | email-notification-service-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | storage-service-v2.17.0 | storage-service-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | migration-v2.17.0 | migration-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-12797 | 2025-02-11T16:15:38.827Z | docker image audit | CVE-2024-12797 | HIGH | openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected | frontend-collector-v2.17.0 | frontend-collector-v2.17.0 | Yes | package: libcrypto3, status: fixed, fixedVersion: 3.3.3-r0 | ||
| - | - | CVE-2024-8176 | 2025-03-14T09:15:14.157Z | docker image audit | CVE-2024-8176 | HIGH | libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libexpat, status: fixed, fixedVersion: 2.7.0-r0 | ||
| - | - | CVE-2024-56171 | 2025-02-18T22:15:12.797Z | docker image audit | CVE-2024-56171 | HIGH | libxml2: Use-After-Free in libxml2 | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxml2, status: fixed, fixedVersion: 2.12.7-r1 | ||
| - | - | CVE-2025-24928 | 2025-02-18T23:15:10.25Z | docker image audit | CVE-2025-24928 | HIGH | libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2 | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxml2, status: fixed, fixedVersion: 2.12.7-r1 | ||
| - | - | CVE-2025-27113 | 2025-02-18T23:15:10.96Z | docker image audit | CVE-2025-27113 | HIGH | libxml2: NULL Pointer Dereference in libxml2 xmlPatMatch | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxml2, status: fixed, fixedVersion: 2.12.7-r2 | ||
| - | - | CVE-2025-32414 | 2025-04-08T03:15:15.94Z | docker image audit | CVE-2025-32414 | HIGH | libxml2: Out-of-Bounds Read in libxml2 | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxml2, status: fixed, fixedVersion: 2.12.7-r3 | ||
| - | - | CVE-2025-32415 | 2025-04-17T17:15:33.733Z | docker image audit | CVE-2025-32415 | HIGH | libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxml2, status: fixed, fixedVersion: 2.12.7-r3 | ||
| - | - | CVE-2024-55549 | 2025-03-14T02:15:15.333Z | docker image audit | CVE-2024-55549 | HIGH | libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxslt, status: fixed, fixedVersion: 1.1.39-r2 | ||
| - | - | CVE-2025-24855 | 2025-03-14T02:15:15.717Z | docker image audit | CVE-2025-24855 | HIGH | libxslt: Use-After-Free in libxslt numbers.c | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: libxslt, status: fixed, fixedVersion: 1.1.39-r2 | ||
| - | - | CVE-2025-31115 | 2025-04-03T17:15:30.54Z | docker image audit | CVE-2025-31115 | HIGH | xz: XZ has a heap-use-after-free bug in threaded .xz decoder | frontend-v2.17.0 | frontend-v2.17.0 | Yes | package: xz-libs, status: fixed, fixedVersion: 5.6.2-r1 | ||
| - | - | CVE-2025-31115 | 2025-04-03T17:15:30.54Z | docker image audit | CVE-2025-31115 | HIGH | xz: XZ has a heap-use-after-free bug in threaded .xz decoder | api-v2.17.0 | api-v2.17.0 | Yes | package: xz-libs, status: fixed, fixedVersion: 5.6.2-r1 | ||
| - | - | CVE-2025-31115 | 2025-04-03T17:15:30.54Z | docker image audit | CVE-2025-31115 | HIGH | xz: XZ has a heap-use-after-free bug in threaded .xz decoder | blockchain-v2.17.0 | blockchain-v2.17.0 | Yes | package: xz-libs, status: fixed, fixedVersion: 5.6.2-r1 | ||
| - | - | CVE-2025-31115 | 2025-04-03T17:15:30.54Z | docker image audit | CVE-2025-31115 | HIGH | xz: XZ has a heap-use-after-free bug in threaded .xz decoder | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xz-libs, status: fixed, fixedVersion: 5.6.2-r1 | ||
| - | - | CVE-2024-56406 | 2025-04-13T14:15:14.527Z | docker image audit | CVE-2024-56406 | HIGH | perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes | api-v2.17.0 | api-v2.17.0 | Yes | package: perl-base, status: fixed, fixedVersion: 5.36.0-7+deb12u2 | ||
| - | - | CVE-2024-56406 | 2025-04-13T14:15:14.527Z | docker image audit | CVE-2024-56406 | HIGH | perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes | blockchain-v2.17.0 | blockchain-v2.17.0 | Yes | package: perl-base, status: fixed, fixedVersion: 5.36.0-7+deb12u2 | ||
| - | - | CVE-2024-56406 | 2025-04-13T14:15:14.527Z | docker image audit | CVE-2024-56406 | HIGH | perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: perl-base, status: fixed, fixedVersion: 5.36.0-7+deb12u2 | ||
| - | - | CVE-2025-27363 | 2025-03-11T14:15:25.427Z | docker image audit | CVE-2025-27363 | HIGH | freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libfreetype6, status: fixed, fixedVersion: 2.12.1+dfsg-5+deb12u4 | ||
| - | - | CVE-2024-52533 | 2024-11-11T23:15:05.967Z | docker image audit | CVE-2024-52533 | HIGH | glib: buffer overflow in set_connect_msg() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libglib2.0-0, status: fixed, fixedVersion: 2.74.6-2+deb12u5 | ||
| - | - | CVE-2024-0743 | 2024-01-23T14:15:38.28Z | docker image audit | CVE-2024-0743 | HIGH | Mozilla: Crash in NSS TLS method | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libnss3, status: fixed, fixedVersion: 2:3.87.1-1+deb12u1 | ||
| - | - | CVE-2024-6609 | 2024-07-09T15:15:12.923Z | docker image audit | CVE-2024-6609 | HIGH | When almost out-of-memory an elliptic curve key which was never alloca ... | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libnss3, status: fixed, fixedVersion: 2:3.87.1-1+deb12u1 | ||
| - | - | CVE-2023-7104 | 2023-12-29T10:15:13.89Z | docker image audit | CVE-2023-7104 | HIGH | sqlite: heap-buffer-overflow at sessionfuzz | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libsqlite3-0, status: fixed, fixedVersion: 3.40.1-2+deb12u1 | ||
| - | - | CVE-2023-52356 | 2024-01-25T20:15:39.063Z | docker image audit | CVE-2023-52356 | HIGH | libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libtiff6, status: fixed, fixedVersion: 4.5.0-6+deb12u2 | ||
| - | - | CVE-2024-7006 | 2024-08-12T13:38:40.577Z | docker image audit | CVE-2024-7006 | HIGH | libtiff: NULL pointer dereference in tif_dirinfo.c | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: libtiff6, status: fixed, fixedVersion: 4.5.0-6+deb12u2 | ||
| - | - | CVE-2024-38428 | 2024-06-16T03:15:08.43Z | docker image audit | CVE-2024-38428 | CRITICAL | wget: Misinterpretation of input may lead to improper behavior | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: wget, status: fixed, fixedVersion: 1.21.3-1+deb12u1 | ||
| - | - | CVE-2024-9632 | 2024-10-30T08:15:04.83Z | docker image audit | CVE-2024-9632 | HIGH | xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u8 | ||
| - | - | CVE-2025-26594 | 2025-02-25T16:15:38.227Z | docker image audit | CVE-2025-26594 | HIGH | X.Org: Xwayland: Use-after-free of the root cursor | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26595 | 2025-02-25T16:15:38.39Z | docker image audit | CVE-2025-26595 | HIGH | Xorg: xwayland: Buffer overflow in XkbVModMaskText() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26596 | 2025-02-25T16:15:38.603Z | docker image audit | CVE-2025-26596 | HIGH | xorg: xwayland: Heap overflow in XkbWriteKeySyms() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26597 | 2025-02-25T16:15:38.797Z | docker image audit | CVE-2025-26597 | HIGH | xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26598 | 2025-02-25T16:15:38.977Z | docker image audit | CVE-2025-26598 | HIGH | xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26599 | 2025-02-25T16:15:39.163Z | docker image audit | CVE-2025-26599 | HIGH | xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26600 | 2025-02-25T16:15:39.35Z | docker image audit | CVE-2025-26600 | HIGH | xorg: xwayland: Use-after-free in PlayReleasedEvents() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 | ||
| - | - | CVE-2025-26601 | 2025-02-25T16:15:39.537Z | docker image audit | CVE-2025-26601 | HIGH | xorg: xwayland: Use-after-free in SyncInitTrigger() | e2e-test-v2.17.0 | e2e-test-v2.17.0 | Yes | package: xserver-common, status: fixed, fixedVersion: 2:21.1.7-3+deb12u9 |

Last scan date: 2025-5-18 6:35:31