Dockerfile
Dockerfile copied to clipboard
Published
20 hours ago •
webdevops
webdevops
snyk reports security vulnerabilities
Hi,
I was interested in using the webdevops/php-nginx container in production but when scanned with docker scan, it reports a number of vulnerabilities present: "Tested 311 dependencies for known vulnerabilities, found 238 vulnerabilities." I've included the output below.
I'm curious if this is known to the maintainers and if it is of concern?
Thank you.
$ docker scan webdevops/php-nginx
Testing webdevops/php-nginx...
✗ Low severity vulnerability found in vim/xxd
Description: OS Command Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-VIM-570576
Introduced through: vim@2:8.0.1453-1ubuntu1.3
From: vim@2:8.0.1453-1ubuntu1.3 > vim/vim-common@2:8.0.1453-1ubuntu1.3 > vim/xxd@2:8.0.1453-1ubuntu1.3
From: vim@2:8.0.1453-1ubuntu1.3 > vim/vim-common@2:8.0.1453-1ubuntu1.3
From: vim@2:8.0.1453-1ubuntu1.3 > vim/vim-runtime@2:8.0.1453-1ubuntu1.3
and 1 more...
Fixed in: 2:8.0.1453-1ubuntu1.4
✗ Low severity vulnerability found in util-linux/libblkid1
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-UTILLINUX-345957
Introduced through: util-linux/[email protected], [email protected], util-linux/[email protected], util-linux/[email protected], meta-common-packages@meta, util-linux/[email protected], [email protected]~rc2-2ubuntu4, [email protected], syslog-ng/[email protected], sysvinit/[email protected], util-linux/[email protected], util-linux/[email protected]
From: util-linux/[email protected]
From: [email protected] > util-linux/[email protected]
From: util-linux/[email protected] > util-linux/[email protected]
and 22 more...
Fixed in: 2.31.1-0.4ubuntu3.7
✗ Low severity vulnerability found in unzip
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-UNZIP-1052052
Introduced through: [email protected]
From: [email protected]
Fixed in: 6.0-21ubuntu1.1
✗ Low severity vulnerability found in unzip
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-UNZIP-343450
Introduced through: [email protected]
From: [email protected]
Fixed in: 6.0-21ubuntu1.1
✗ Low severity vulnerability found in tiff/libtiff5
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-TIFF-405391
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12, [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > tiff/[email protected]
From: [email protected] > graphicsmagick/[email protected] > tiff/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > tiff/[email protected]
and 1 more...
✗ Low severity vulnerability found in tar
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-TAR-312298
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]
Fixed in: 1.29b-2ubuntu0.2
✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-TAR-559435
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]
Fixed in: 1.29b-2ubuntu0.2
✗ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: CVE-2020-9991
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-1070682
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
✗ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-1070693
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
✗ Low severity vulnerability found in sqlite3/libsqlite3-0
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-561066
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
Fixed in: 3.22.0-1ubuntu0.4
✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SHADOW-306209
Introduced through: shadow/passwd@1:4.5-1ubuntu2, openssh/openssh-client@1:7.6p1-4ubuntu0.3, apt/[email protected], shadow/login@1:4.5-1ubuntu2
From: shadow/passwd@1:4.5-1ubuntu2
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > shadow/passwd@1:4.5-1ubuntu2
From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1ubuntu2
and 1 more...
✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SHADOW-306233
Introduced through: shadow/passwd@1:4.5-1ubuntu2, openssh/openssh-client@1:7.6p1-4ubuntu0.3, apt/[email protected], shadow/login@1:4.5-1ubuntu2
From: shadow/passwd@1:4.5-1ubuntu2
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > shadow/passwd@1:4.5-1ubuntu2
From: apt/[email protected] > [email protected] > [email protected] > shadow/passwd@1:4.5-1ubuntu2
and 1 more...
✗ Low severity vulnerability found in python3.6/libpython3.6-minimal
Description: CVE-2020-27619
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-1065946
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.4
✗ Low severity vulnerability found in python3.6/libpython3.6-minimal
Description: HTTP Request Smuggling
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-1075584
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
✗ Low severity vulnerability found in python3.6/libpython3.6-minimal
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-567117
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1
✗ Low severity vulnerability found in python3.6/libpython3.6-minimal
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-589952
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.1
✗ Low severity vulnerability found in python3.6/libpython3.6-minimal
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-589953
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.1
✗ Low severity vulnerability found in python3.6/libpython3.6-minimal
Description: Incorrect Calculation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-589954
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.1
✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-548346
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1.1
✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-567118
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1
✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Incorrect Calculation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-589955
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1.1
✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-595768
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1.1
✗ Low severity vulnerability found in pngcrush
Description: Double Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PNGCRUSH-308647
Introduced through: [email protected]
From: [email protected]
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-340127
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-340141
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-340147
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-453076
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: Improper Preservation of Permissions
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-565729
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.4
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-565732
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.4
✗ Low severity vulnerability found in php7.2/php7.2-common
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-607878
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Low severity vulnerability found in php-pear
Description: Link Following
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHPPEAR-275791
Introduced through: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
From: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
✗ Low severity vulnerability found in php-pear
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHPPEAR-275796
Introduced through: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
From: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
✗ Low severity vulnerability found in perl
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PERL-570821
Introduced through: git@1:2.17.1-1ubuntu0.5, [email protected], meta-common-packages@meta
From: git@1:2.17.1-1ubuntu0.5 > [email protected]
From: git@1:2.17.1-1ubuntu0.5 > [email protected] > [email protected]
From: [email protected] > [email protected] > [email protected]
and 5 more...
Fixed in: 5.26.1-6ubuntu0.5
✗ Low severity vulnerability found in perl
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PERL-570822
Introduced through: git@1:2.17.1-1ubuntu0.5, [email protected], meta-common-packages@meta
From: git@1:2.17.1-1ubuntu0.5 > [email protected]
From: git@1:2.17.1-1ubuntu0.5 > [email protected] > [email protected]
From: [email protected] > [email protected] > [email protected]
and 5 more...
Fixed in: 5.26.1-6ubuntu0.5
✗ Low severity vulnerability found in perl
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PERL-570823
Introduced through: git@1:2.17.1-1ubuntu0.5, [email protected], meta-common-packages@meta
From: git@1:2.17.1-1ubuntu0.5 > [email protected]
From: git@1:2.17.1-1ubuntu0.5 > [email protected] > [email protected]
From: [email protected] > [email protected] > [email protected]
and 5 more...
Fixed in: 5.26.1-6ubuntu0.5
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PCRE3-452543
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-9
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PCRE3-572723
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-9
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PCRE3-572730
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-9
✗ Low severity vulnerability found in patch
Description: Double Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PATCH-303858
Introduced through: [email protected]
From: [email protected]
✗ Low severity vulnerability found in openssl1.0/libssl1.0.0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-1075593
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.6
✗ Low severity vulnerability found in openssl1.0/libssl1.0.0
Description: Missing Encryption of Sensitive Data
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-466483
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.4
✗ Low severity vulnerability found in openssl1.0/libssl1.0.0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-536862
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.4
✗ Low severity vulnerability found in openssl1.0/libssl1.0.0
Description: Missing Encryption of Sensitive Data
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-674775
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.4
✗ Low severity vulnerability found in openssl1.0/libssl1.0.0
Description: Inadequate Encryption Strength
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-674776
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.4
✗ Low severity vulnerability found in openssl
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-1075592
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.8
✗ Low severity vulnerability found in openssl
Description: Missing Encryption of Sensitive Data
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-466482
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.6
✗ Low severity vulnerability found in openssl
Description: Missing Encryption of Sensitive Data
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-466490
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.6
✗ Low severity vulnerability found in openssl
Description: Use of Insufficiently Random Values
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-466493
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.6
✗ Low severity vulnerability found in openssl
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-536861
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.6
✗ Low severity vulnerability found in openssh/openssh-client
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSH-1047874
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3
✗ Low severity vulnerability found in nettle/libhogweed4
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-NETTLE-302013
Introduced through: nettle/[email protected], [email protected], php7.2/[email protected], nettle/[email protected], git@1:2.17.1-1ubuntu0.5
From: nettle/[email protected]
From: [email protected] > curl/[email protected] > rtmpdump/[email protected]+20151223.gitfa8646d.1-1 > nettle/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4 > gnutls28/[email protected] > nettle/[email protected]
and 5 more...
✗ Low severity vulnerability found in ncurses/libtinfo5
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-NCURSES-481908
Introduced through: meta-common-packages@meta, ncurses/[email protected], procps@2:3.3.12-3ubuntu1.2, ncurses/[email protected], util-linux/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, ncurses/[email protected], ncurses/[email protected]
From: meta-common-packages@meta > ncurses/[email protected]
From: ncurses/[email protected]
From: procps@2:3.3.12-3ubuntu1.2 > ncurses/[email protected]
and 7 more...
✗ Low severity vulnerability found in ncurses/libtinfo5
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-NCURSES-482343
Introduced through: meta-common-packages@meta, ncurses/[email protected], procps@2:3.3.12-3ubuntu1.2, ncurses/[email protected], util-linux/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, ncurses/[email protected], ncurses/[email protected]
From: meta-common-packages@meta > ncurses/[email protected]
From: ncurses/[email protected]
From: procps@2:3.3.12-3ubuntu1.2 > ncurses/[email protected]
and 7 more...
✗ Low severity vulnerability found in lz4/liblz4-1
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LZ4-482649
Introduced through: lz4/[email protected]~r131-2ubuntu3, apt/[email protected]
From: lz4/[email protected]~r131-2ubuntu3
From: apt/[email protected] > lz4/[email protected]~r131-2ubuntu3
From: apt/[email protected] > systemd/[email protected] > lz4/[email protected]~r131-2ubuntu3
✗ Low severity vulnerability found in libzip/libzip4
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBZIP-379375
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > libzip/[email protected]
✗ Low severity vulnerability found in libxslt/libxslt1.1
Description: Use of Insufficiently Random Values
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBXSLT-308017
Introduced through: php7.2/[email protected], [email protected]
From: php7.2/[email protected] > php7.2/[email protected] > libxslt/[email protected]
From: [email protected] > nginx/[email protected] > nginx/[email protected] > libxslt/[email protected]
✗ Low severity vulnerability found in libxml2
Description: Improper Resource Shutdown or Release
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBXML2-609729
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]+dfsg1-6.1ubuntu1.3
✗ Low severity vulnerability found in libxml2
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBXML2-609732
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]+dfsg1-6.1ubuntu1.3
✗ Low severity vulnerability found in libx11/libx11-6
Description: CVE-2020-25697
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBX11-1040676
Introduced through: [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected] > graphicsmagick/[email protected] > libx11/libx11-6@2:1.6.4-3ubuntu0.2
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libx11/libx11-6@2:1.6.4-3ubuntu0.2
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libx11/libx11-6@2:1.6.4-3ubuntu0.2
and 4 more...
✗ Low severity vulnerability found in libtasn1-6
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBTASN16-339588
Introduced through: [email protected], php7.2/[email protected]
From: [email protected]
From: php7.2/[email protected] > postgresql-10/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4 > gnutls28/[email protected] > [email protected]
✗ Low severity vulnerability found in libpng1.6/libpng16-16
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBPNG16-296442
Introduced through: [email protected], [email protected], [email protected], [email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected] > libpng1.6/[email protected]
From: [email protected] > libpng1.6/[email protected]
From: [email protected] > libpng1.6/[email protected]
and 7 more...
✗ Low severity vulnerability found in libjpeg-turbo/libjpeg-turbo8
Description: Excessive Iteration
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBJPEGTURBO-573090
Introduced through: libjpeg-turbo/[email protected]
From: libjpeg-turbo/[email protected] > libjpeg8-empty/libjpeg8@8c-2ubuntu8 > libjpeg-turbo/[email protected]
From: libjpeg-turbo/[email protected]
✗ Low severity vulnerability found in libgcrypt20
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBGCRYPT20-455294
Introduced through: [email protected], apt/[email protected], apt/[email protected], php7.2/[email protected]
From: [email protected]
From: apt/[email protected] > systemd/[email protected] > [email protected]
From: apt/[email protected] > [email protected] > gnupg2/[email protected] > [email protected]
and 1 more...
✗ Low severity vulnerability found in krb5/libgssapi-krb5-2
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-KRB5-459140
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3, [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected], php7.2/[email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11, meta-common-packages@meta
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > krb5/[email protected]
From: [email protected] > curl/[email protected] > krb5/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > krb5/[email protected]
and 10 more...
✗ Low severity vulnerability found in krb5/libgssapi-krb5-2
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-KRB5-646343
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3, [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected], php7.2/[email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11, meta-common-packages@meta
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > krb5/[email protected]
From: [email protected] > curl/[email protected] > krb5/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > krb5/[email protected]
and 10 more...
✗ Low severity vulnerability found in jbigkit/libjbig0
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-JBIGKIT-289891
Introduced through: [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected] > graphicsmagick/[email protected] > jbigkit/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > jbigkit/[email protected]
From: php7.2/[email protected] > libgd2/[email protected] > tiff/[email protected] > jbigkit/[email protected]
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-1041201
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
Fixed in: 8:6.9.7.4+dfsg-16ubuntu6.9
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-1076627
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-1076642
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-1076653
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-400072
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Missing Release of Resource after Effective Lifetime
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-400102
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-542841
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
Fixed in: 8:6.9.7.4+dfsg-16ubuntu6.9
✗ Low severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-542849
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
Fixed in: 8:6.9.7.4+dfsg-16ubuntu6.9
✗ Low severity vulnerability found in heimdal/libasn1-8-heimdal
Description: Key Management Errors
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-HEIMDAL-346634
Introduced through: meta-common-packages@meta, php7.2/[email protected]
From: meta-common-packages@meta > heimdal/[email protected]+dfsg-1
From: meta-common-packages@meta > heimdal/[email protected]+dfsg-1
From: meta-common-packages@meta > heimdal/[email protected]+dfsg-1
and 12 more...
✗ Low severity vulnerability found in graphicsmagick/libgraphicsmagick-q16-3
Description: Missing Release of Resource after Effective Lifetime
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GRAPHICSMAGICK-452486
Introduced through: [email protected]
From: [email protected] > graphicsmagick/[email protected]
From: [email protected]
✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GNUTLS28-340583
Introduced through: gnutls28/[email protected], apt/[email protected], git@1:2.17.1-1ubuntu0.5, [email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, php7.2/[email protected]
From: gnutls28/[email protected]
From: apt/[email protected] > [email protected] > gnutls28/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > gnutls28/[email protected]
and 3 more...
✗ Low severity vulnerability found in gnupg2/gpgv
Description: Improper Certificate Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GNUPG2-453470
Introduced through: gnupg2/[email protected], apt/[email protected]
From: gnupg2/[email protected]
From: apt/[email protected] > [email protected] > gnupg2/[email protected]
✗ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GNUPG2-541656
Introduced through: gnupg2/[email protected], apt/[email protected]
From: gnupg2/[email protected]
From: apt/[email protected] > [email protected] > gnupg2/[email protected]
Fixed in: 2.2.4-1ubuntu1.3
✗ Low severity vulnerability found in glibc/libc-bin
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-1055781
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-1055791
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Improper Data Handling
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-345677
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-356373
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Improper Data Handling
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-356503
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-451233
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Low severity vulnerability found in glibc/libc-bin
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-451499
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-565053
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Low severity vulnerability found in glibc/libc-bin
Description: Integer Underflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-571383
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
✗ Low severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-571387
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-571391
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Low severity vulnerability found in git/git-man
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GIT-340857
Introduced through: git@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5 > git/git-man@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5
✗ Low severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056268
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Low severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056272
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Low severity vulnerability found in ghostscript/libgs9-common
Description: Allocation of Resources Without Limits or Throttling
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056282
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
✗ Low severity vulnerability found in ghostscript/libgs9-common
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056719
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Low severity vulnerability found in curl/libcurl4
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CURL-1049529
Introduced through: [email protected], php7.2/[email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected]
From: php7.2/[email protected] > curl/[email protected]
From: [email protected]
and 1 more...
Fixed in: 7.58.0-2ubuntu3.12
✗ Low severity vulnerability found in curl/libcurl4
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CURL-607881
Introduced through: [email protected], php7.2/[email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected]
From: php7.2/[email protected] > curl/[email protected]
From: [email protected]
and 1 more...
Fixed in: 7.58.0-2ubuntu3.10
✗ Low severity vulnerability found in cups/libcups2
Description: CVE-2020-10001
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CUPS-1070129
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
✗ Low severity vulnerability found in cups/libcups2
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CUPS-537062
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
Fixed in: 2.2.7-1ubuntu2.8
✗ Low severity vulnerability found in cups/libcups2
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CUPS-607947
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
✗ Low severity vulnerability found in cron
Description: Link Following
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CRON-311946
Introduced through: [email protected]
From: [email protected]
✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-COREUTILS-317469
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > [email protected]
✗ Low severity vulnerability found in bind9/libisc169
Description: Improper Privilege Management
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BIND9-608087
Introduced through: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libirs160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
and 21 more...
Fixed in: 1:9.11.3+dfsg-1ubuntu1.13
✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BASH-542613
Introduced through: [email protected]
From: [email protected]
✗ Low severity vulnerability found in avahi/libavahi-common-data
Description: Link Following
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-AVAHI-1076778
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > avahi/[email protected] > avahi/[email protected] > avahi/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > avahi/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > avahi/[email protected] > avahi/[email protected]
and 1 more...
✗ Medium severity vulnerability found in tiff/libtiff5
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-TIFF-1079215
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12, [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > tiff/[email protected]
From: [email protected] > graphicsmagick/[email protected] > tiff/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > tiff/[email protected]
and 1 more...
Fixed in: 4.0.9-5ubuntu0.4
✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-TIFF-1079219
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12, [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > tiff/[email protected]
From: [email protected] > graphicsmagick/[email protected] > tiff/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > tiff/[email protected]
and 1 more...
Fixed in: 4.0.9-5ubuntu0.4
✗ Medium severity vulnerability found in systemd/libsystemd0
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SYSTEMD-346780
Introduced through: systemd/[email protected], apt/[email protected], php7.2/[email protected], procps/libprocps6@2:3.3.12-3ubuntu1.2, syslog-ng/[email protected], util-linux/bsdutils@1:2.31.1-0.4ubuntu3.6, util-linux/[email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, systemd/[email protected]
From: systemd/[email protected]
From: apt/[email protected] > systemd/[email protected]
From: php7.2/[email protected] > systemd/[email protected]
and 9 more...
✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-571696
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
Fixed in: 3.22.0-1ubuntu0.4
✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-571706
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-571710
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
Fixed in: 3.22.0-1ubuntu0.4
✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-SQLITE3-571711
Introduced through: php7.2/[email protected], [email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3, php7.2/[email protected]
From: php7.2/[email protected] > sqlite3/[email protected]
From: [email protected]~18.04 > python2.7/[email protected]~18.04 > sqlite3/[email protected]
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > sqlite3/[email protected]
and 1 more...
Fixed in: 3.22.0-1ubuntu0.4
✗ Medium severity vulnerability found in python3.6/libpython3.6-minimal
Description: Improper Encoding or Escaping of Output
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-1018699
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.3
✗ Medium severity vulnerability found in python3.6/libpython3.6-minimal
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-1065936
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.4
✗ Medium severity vulnerability found in python3.6/libpython3.6-minimal
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-474724
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1
✗ Medium severity vulnerability found in python3.6/libpython3.6-minimal
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON36-589959
Introduced through: python3.6/[email protected]~18.04, vim@2:8.0.1453-1ubuntu1.3
From: python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: vim@2:8.0.1453-1ubuntu1.3 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04 > python3.6/[email protected]~18.04
From: python3.6/[email protected]~18.04
and 2 more...
Fixed in: 3.6.9-1~18.04ubuntu1.1
✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Improper Encoding or Escaping of Output
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-1018698
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1.2
✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-1079209
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1.6
✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-474726
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1
✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PYTHON27-589960
Introduced through: python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, [email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04, python-defaults/[email protected]~rc1-1, python2.7/[email protected]~18.04
From: python2.7/[email protected]~18.04
From: python-defaults/[email protected]~rc1-1 > python2.7/[email protected]~18.04
From: [email protected]~18.04 > python2.7/[email protected]~18.04
and 8 more...
Fixed in: 2.7.17-1~18.04ubuntu1.1
✗ Medium severity vulnerability found in postgresql-10/libpq5
Description: Insufficient Comparison
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-POSTGRESQL10-1041179
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected]
Fixed in: 10.15-0ubuntu0.18.04.1
✗ Medium severity vulnerability found in postgresql-10/libpq5
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-POSTGRESQL10-1041183
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected]
Fixed in: 10.15-0ubuntu0.18.04.1
✗ Medium severity vulnerability found in postgresql-10/libpq5
Description: SQL Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-POSTGRESQL10-1041187
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected]
Fixed in: 10.15-0ubuntu0.18.04.1
✗ Medium severity vulnerability found in postgresql-10/libpq5
Description: SQL Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-POSTGRESQL10-598816
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected]
Fixed in: 10.14-0ubuntu0.18.04.1
✗ Medium severity vulnerability found in postgresql-10/libpq5
Description: Untrusted Search Path
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-POSTGRESQL10-598838
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected]
Fixed in: 10.14-0ubuntu0.18.04.1
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Reliance on Cookies without Validation and Integrity Checking
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-1018690
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.7
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Inadequate Encryption Strength
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-1018695
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.7
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-340131
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-340144
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-565734
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.4
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Improper Null Termination
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-565736
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.4
✗ Medium severity vulnerability found in php7.2/php7.2-common
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHP72-570202
Introduced through: php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected], php7.2/[email protected], php7.2/[email protected], php7.2/[email protected], [email protected]+4.0.11-1build1, [email protected], [email protected]~rc2-2ubuntu4, [email protected]+2.2.0-1build2, [email protected], php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1, [email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
From: php7.2/[email protected] > php7.2/[email protected]
and 54 more...
Fixed in: 7.2.24-0ubuntu0.18.04.6
✗ Medium severity vulnerability found in php-pear
Description: Deserialization of Untrusted Data
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHPPEAR-1047428
Introduced through: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
From: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
Fixed in: 1:1.10.5+submodules+notgz-1ubuntu1.18.04.2
✗ Medium severity vulnerability found in php-pear
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHPPEAR-1047432
Introduced through: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
From: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
Fixed in: 1:1.10.5+submodules+notgz-1ubuntu1.18.04.2
✗ Medium severity vulnerability found in php-pear
Description: Directory Traversal
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHPPEAR-1070607
Introduced through: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
From: php-pear@1:1.10.5+submodules+notgz-1ubuntu1.18.04.1
Fixed in: 1:1.10.5+submodules+notgz-1ubuntu1.18.04.3
✗ Medium severity vulnerability found in php-imagick
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-PHPIMAGICK-466458
Introduced through: [email protected]~rc2-2ubuntu4
From: [email protected]~rc2-2ubuntu4
Fixed in: 3.4.3~rc2-2ubuntu4.1
✗ Medium severity vulnerability found in p11-kit/libp11-kit0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-P11KIT-1052983
Introduced through: p11-kit/[email protected], php7.2/[email protected]
From: p11-kit/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4 > gnutls28/[email protected] > p11-kit/[email protected]
Fixed in: 0.23.9-2ubuntu0.1
✗ Medium severity vulnerability found in p11-kit/libp11-kit0
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-P11KIT-1052992
Introduced through: p11-kit/[email protected], php7.2/[email protected]
From: p11-kit/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4 > gnutls28/[email protected] > p11-kit/[email protected]
Fixed in: 0.23.9-2ubuntu0.1
✗ Medium severity vulnerability found in p11-kit/libp11-kit0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-P11KIT-1052997
Introduced through: p11-kit/[email protected], php7.2/[email protected]
From: p11-kit/[email protected]
From: php7.2/[email protected] > postgresql-10/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4 > gnutls28/[email protected] > p11-kit/[email protected]
Fixed in: 0.23.9-2ubuntu0.1
✗ Medium severity vulnerability found in openssl1.0/libssl1.0.0
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-1075561
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.6
✗ Medium severity vulnerability found in openssl
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-1075560
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.8
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1035738
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.7
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: CVE-2020-25710
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1040478
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.8
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: CVE-2020-25709
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1040482
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.8
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064803
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Access of Resource Using Incompatible Type ('Type Confusion')
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064809
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Integer Underflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064815
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064821
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: CVE-2020-36226
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064827
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Release of Invalid Pointer or Reference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064833
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064839
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Double Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064845
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064851
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Integer Underflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1064857
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.9
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-1075545
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.10
✗ Medium severity vulnerability found in openldap/libldap-2.4-2
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENLDAP-568034
Introduced through: php7.2/[email protected], [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected]
From: php7.2/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: [email protected] > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > openldap/[email protected]+dfsg-1ubuntu1.4
and 2 more...
Fixed in: 2.4.45+dfsg-1ubuntu1.5
✗ Medium severity vulnerability found in nginx/nginx-common
Description: HTTP Request Smuggling
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-NGINX-565779
Introduced through: [email protected]
From: [email protected] > nginx/[email protected] > nginx/[email protected]
From: [email protected] > nginx/[email protected] > nginx/[email protected] > nginx/[email protected]
From: [email protected] > nginx/[email protected] > nginx/[email protected] > nginx/[email protected]
and 10 more...
✗ Medium severity vulnerability found in nghttp2/libnghttp2-14
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-NGHTTP2-459190
Introduced through: [email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected] > nghttp2/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > nghttp2/[email protected]
✗ Medium severity vulnerability found in nghttp2/libnghttp2-14
Description: Allocation of Resources Without Limits or Throttling
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-NGHTTP2-459213
Introduced through: [email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected] > nghttp2/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > nghttp2/[email protected]
✗ Medium severity vulnerability found in libzstd/libzstd1
Description: Incorrect Default Permissions
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBZSTD-1082293
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libzstd/[email protected]+dfsg-2ubuntu1.1
Fixed in: 1.3.3+dfsg-2ubuntu1.2
✗ Medium severity vulnerability found in libzstd/libzstd1
Description: Incorrect Default Permissions
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBZSTD-1082297
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > libzstd/[email protected]+dfsg-2ubuntu1.1
Fixed in: 1.3.3+dfsg-2ubuntu1.2
✗ Medium severity vulnerability found in libx11/libx11-6
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBX11-597373
Introduced through: [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected] > graphicsmagick/[email protected] > libx11/libx11-6@2:1.6.4-3ubuntu0.2
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libx11/libx11-6@2:1.6.4-3ubuntu0.2
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libx11/libx11-6@2:1.6.4-3ubuntu0.2
and 4 more...
Fixed in: 2:1.6.4-3ubuntu0.3
✗ Medium severity vulnerability found in libx11/libx11-6
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBX11-608998
Introduced through: [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected] > graphicsmagick/[email protected] > libx11/libx11-6@2:1.6.4-3ubuntu0.2
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libx11/libx11-6@2:1.6.4-3ubuntu0.2
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libx11/libx11-6@2:1.6.4-3ubuntu0.2
and 4 more...
Fixed in: 2:1.6.4-3ubuntu0.3
✗ Medium severity vulnerability found in libwebp/libwebp6
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBWEBP-277883
Introduced through: [email protected], php7.2/[email protected]
From: [email protected] > graphicsmagick/[email protected] > libwebp/[email protected]
From: php7.2/[email protected] > libgd2/[email protected] > libwebp/[email protected]
From: [email protected] > graphicsmagick/[email protected] > libwebp/[email protected] > libwebp/[email protected]
and 1 more...
✗ Medium severity vulnerability found in libjpeg-turbo/libjpeg-turbo8
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBJPEGTURBO-571916
Introduced through: libjpeg-turbo/[email protected]
From: libjpeg-turbo/[email protected] > libjpeg8-empty/libjpeg8@8c-2ubuntu8 > libjpeg-turbo/[email protected]
From: libjpeg-turbo/[email protected]
Fixed in: 1.5.2-0ubuntu5.18.04.4
✗ Medium severity vulnerability found in libbson/libbson-1.0-0
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBBSON-460659
Introduced through: [email protected]
From: [email protected] > syslog-ng/[email protected] > libbson/[email protected]
From: [email protected] > syslog-ng/[email protected] > libmongoc/[email protected]+dfsg-1build1 > libbson/[email protected]
✗ Medium severity vulnerability found in krb5/libgssapi-krb5-2
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-KRB5-1038546
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3, [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected], php7.2/[email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11, meta-common-packages@meta
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > krb5/[email protected]
From: [email protected] > curl/[email protected] > krb5/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > krb5/[email protected]
and 10 more...
Fixed in: 1.16-2ubuntu0.2
✗ Medium severity vulnerability found in krb5/libgssapi-krb5-2
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-KRB5-396230
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3, [email protected], git@1:2.17.1-1ubuntu0.5, php7.2/[email protected], php7.2/[email protected], [email protected]~dfsg+0-0ubuntu0.18.04.12, bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11, meta-common-packages@meta
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > krb5/[email protected]
From: [email protected] > curl/[email protected] > krb5/[email protected]
From: git@1:2.17.1-1ubuntu0.5 > curl/[email protected] > krb5/[email protected]
and 10 more...
✗ Medium severity vulnerability found in json-c/libjson-c3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-JSONC-569427
Introduced through: [email protected], bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: [email protected] > syslog-ng/[email protected] > json-c/[email protected]
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libbind9-160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libdns1100@1:9.11.3+dfsg-1ubuntu1.11 > json-c/[email protected]
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libbind9-160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libdns1100@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11 > json-c/[email protected]
Fixed in: 0.12.1-1.3ubuntu0.3
✗ Medium severity vulnerability found in iproute2
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IPROUTE2-568826
Introduced through: [email protected]
From: [email protected] > nginx/[email protected] > [email protected]
Fixed in: 4.15.0-2ubuntu1.1
✗ Medium severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-1056709
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Medium severity vulnerability found in imagemagick/libmagickcore-6.q16-3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-IMAGEMAGICK-1056714
Introduced through: [email protected]~rc2-2ubuntu4, imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
From: imagemagick@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/imagemagick-6.q16@8:6.9.7.4+dfsg-16ubuntu6.8 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8
and 6 more...
✗ Medium severity vulnerability found in graphicsmagick/libgraphicsmagick-q16-3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GRAPHICSMAGICK-1040489
Introduced through: [email protected]
From: [email protected] > graphicsmagick/[email protected]
From: [email protected]
✗ Medium severity vulnerability found in graphicsmagick/libgraphicsmagick-q16-3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GRAPHICSMAGICK-541230
Introduced through: [email protected]
From: [email protected] > graphicsmagick/[email protected]
From: [email protected]
✗ Medium severity vulnerability found in graphicsmagick/libgraphicsmagick-q16-3
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GRAPHICSMAGICK-541235
Introduced through: [email protected]
From: [email protected] > graphicsmagick/[email protected]
From: [email protected]
✗ Medium severity vulnerability found in graphicsmagick/libgraphicsmagick-q16-3
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GRAPHICSMAGICK-541278
Introduced through: [email protected]
From: [email protected] > graphicsmagick/[email protected]
From: [email protected]
✗ Medium severity vulnerability found in graphicsmagick/libgraphicsmagick-q16-3
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GRAPHICSMAGICK-560804
Introduced through: [email protected]
From: [email protected] > graphicsmagick/[email protected]
From: [email protected]
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-356555
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-451227
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-451228
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIBC-571394
Introduced through: glibc/[email protected], glibc/[email protected], [email protected]~rc2-2ubuntu4, libjpeg-turbo/[email protected], php7.2/[email protected], meta-common-packages@meta
From: glibc/[email protected]
From: glibc/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > libxext/libxext6@2:1.3.3-1 > glibc/[email protected]
and 3 more...
Fixed in: 2.27-3ubuntu1.2
✗ Medium severity vulnerability found in glib2.0/libglib2.0-0
Description: Incorrect Conversion between Numeric Types
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIB20-1075539
Introduced through: syslog-ng/[email protected], [email protected]~rc2-2ubuntu4
From: syslog-ng/[email protected] > glib2.0/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > liblqr/[email protected] > glib2.0/[email protected]
Fixed in: 2.56.4-0ubuntu0.18.04.7
✗ Medium severity vulnerability found in glib2.0/libglib2.0-0
Description: Incorrect Conversion between Numeric Types
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIB20-1075542
Introduced through: syslog-ng/[email protected], [email protected]~rc2-2ubuntu4
From: syslog-ng/[email protected] > glib2.0/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > liblqr/[email protected] > glib2.0/[email protected]
Fixed in: 2.56.4-0ubuntu0.18.04.7
✗ Medium severity vulnerability found in glib2.0/libglib2.0-0
Description: Link Following
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GLIB20-1085496
Introduced through: syslog-ng/[email protected], [email protected]~rc2-2ubuntu4
From: syslog-ng/[email protected] > glib2.0/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > liblqr/[email protected] > glib2.0/[email protected]
Fixed in: 2.56.4-0ubuntu0.18.04.8
✗ Medium severity vulnerability found in git/git-man
Description: Link Following
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GIT-1083865
Introduced through: git@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5 > git/git-man@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5
Fixed in: 1:2.17.1-1ubuntu0.8
✗ Medium severity vulnerability found in git/git-man
Description: Insufficiently Protected Credentials
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GIT-565434
Introduced through: git@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5 > git/git-man@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5
Fixed in: 1:2.17.1-1ubuntu0.6
✗ Medium severity vulnerability found in git/git-man
Description: Insufficiently Protected Credentials
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GIT-567090
Introduced through: git@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5 > git/git-man@1:2.17.1-1ubuntu0.5
From: git@1:2.17.1-1ubuntu0.5
Fixed in: 1:2.17.1-1ubuntu0.7
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056262
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056264
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056266
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056270
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: CVE-2020-27824
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056276
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Heap-based Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-1056278
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.14
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598484
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598494
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598500
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598501
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598504
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598512
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598520
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598700
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598702
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598706
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598708
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598709
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598712
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598715
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598719
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598721
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598725
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Divide By Zero
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598726
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598728
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598729
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598731
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598735
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598736
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598737
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in ghostscript/libgs9-common
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GHOSTSCRIPT-598742
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12
Fixed in: 9.26~dfsg+0-0ubuntu0.18.04.13
✗ Medium severity vulnerability found in gcc-8/libgomp1
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-GCC8-572149
Introduced through: [email protected], [email protected]~rc2-2ubuntu4, meta-common-packages@meta
From: [email protected] > graphicsmagick/[email protected] > gcc-8/[email protected]~18.04
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > gcc-8/[email protected]~18.04
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickwand-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > gcc-8/[email protected]~18.04
and 4 more...
✗ Medium severity vulnerability found in dbus/libdbus-1-3
Description: Improper Resource Shutdown or Release
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-DBUS-571314
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > avahi/[email protected] > dbus/[email protected]
Fixed in: 1.12.2-1ubuntu1.2
✗ Medium severity vulnerability found in curl/libcurl4
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CURL-1049517
Introduced through: [email protected], php7.2/[email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected]
From: php7.2/[email protected] > curl/[email protected]
From: [email protected]
and 1 more...
Fixed in: 7.58.0-2ubuntu3.12
✗ Medium severity vulnerability found in curl/libcurl4
Description: Improper Certificate Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CURL-1049523
Introduced through: [email protected], php7.2/[email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected]
From: php7.2/[email protected] > curl/[email protected]
From: [email protected]
and 1 more...
Fixed in: 7.58.0-2ubuntu3.12
✗ Medium severity vulnerability found in curl/libcurl4
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CURL-1090019
Introduced through: [email protected], php7.2/[email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected]
From: php7.2/[email protected] > curl/[email protected]
From: [email protected]
and 1 more...
Fixed in: 7.58.0-2ubuntu3.13
✗ Medium severity vulnerability found in curl/libcurl4
Description: Arbitrary Code Injection
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CURL-573154
Introduced through: [email protected], php7.2/[email protected], git@1:2.17.1-1ubuntu0.5
From: [email protected] > curl/[email protected]
From: php7.2/[email protected] > curl/[email protected]
From: [email protected]
and 1 more...
Fixed in: 7.58.0-2ubuntu3.9
✗ Medium severity vulnerability found in cups/libcups2
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-CUPS-567418
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected] > cups/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > cups/[email protected]
Fixed in: 2.2.7-1ubuntu2.8
✗ Medium severity vulnerability found in bind9/libisc169
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BIND9-1076774
Introduced through: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libirs160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
and 21 more...
Fixed in: 1:9.11.3+dfsg-1ubuntu1.14
✗ Medium severity vulnerability found in bind9/libisc169
Description: Resource Exhaustion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BIND9-569638
Introduced through: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libirs160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
and 21 more...
Fixed in: 1:9.11.3+dfsg-1ubuntu1.12
✗ Medium severity vulnerability found in bind9/libisc169
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BIND9-569639
Introduced through: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libirs160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
and 21 more...
Fixed in: 1:9.11.3+dfsg-1ubuntu1.12
✗ Medium severity vulnerability found in bind9/libisc169
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BIND9-608090
Introduced through: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libirs160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
and 21 more...
Fixed in: 1:9.11.3+dfsg-1ubuntu1.13
✗ Medium severity vulnerability found in bind9/libisc169
Description: Improper Privilege Management
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-BIND9-608093
Introduced through: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/bind9-host@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
From: bind9/dnsutils@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libirs160@1:9.11.3+dfsg-1ubuntu1.11 > bind9/libisc169@1:9.11.3+dfsg-1ubuntu1.11
and 21 more...
Fixed in: 1:9.11.3+dfsg-1ubuntu1.13
✗ Medium severity vulnerability found in apt
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-APT-1050039
Introduced through: [email protected], apt/[email protected], apt/[email protected]
From: [email protected]
From: apt/[email protected] > [email protected]
From: apt/[email protected]
and 2 more...
Fixed in: 1.6.12ubuntu0.2
✗ Medium severity vulnerability found in apt
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-APT-569464
Introduced through: [email protected], apt/[email protected], apt/[email protected]
From: [email protected]
From: apt/[email protected] > [email protected]
From: apt/[email protected]
and 2 more...
Fixed in: 1.6.12ubuntu0.1
✗ Medium severity vulnerability found in apparmor/libapparmor1
Description: Security Features
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-APPARMOR-277330
Introduced through: php7.2/[email protected]
From: php7.2/[email protected] > apparmor/[email protected]
✗ High severity vulnerability found in openssl1.0/libssl1.0.0
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL10-1049136
Introduced through: openssh/openssh-client@1:7.6p1-4ubuntu0.3
From: openssh/openssh-client@1:7.6p1-4ubuntu0.3 > openssl1.0/[email protected]
Fixed in: 1.0.2n-1ubuntu5.5
✗ High severity vulnerability found in openssl
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-1049135
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.7
✗ High severity vulnerability found in openssl
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-OPENSSL-1089073
Introduced through: ca-certificates@20180409, meta-common-packages@meta
From: ca-certificates@20180409 > [email protected]~18.04.5
From: meta-common-packages@meta > openssl/[email protected]~18.04.5
Fixed in: 1.1.1-1ubuntu2.1~18.04.9
✗ High severity vulnerability found in libjpeg-turbo/libjpeg-turbo8
Description: CVE-2020-14151
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-LIBJPEGTURBO-573089
Introduced through: libjpeg-turbo/[email protected]
From: libjpeg-turbo/[email protected] > libjpeg8-empty/libjpeg8@8c-2ubuntu8 > libjpeg-turbo/[email protected]
From: libjpeg-turbo/[email protected]
✗ High severity vulnerability found in freetype/libfreetype6
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-UBUNTU1804-FREETYPE-1019586
Introduced through: [email protected]~dfsg+0-0ubuntu0.18.04.12, [email protected], [email protected]~rc2-2ubuntu4, php7.2/[email protected]
From: [email protected]~dfsg+0-0ubuntu0.18.04.12 > ghostscript/[email protected]~dfsg+0-0ubuntu0.18.04.12 > freetype/[email protected]
From: [email protected] > graphicsmagick/[email protected] > freetype/[email protected]
From: [email protected]~rc2-2ubuntu4 > imagemagick/libmagickcore-6.q16-3@8:6.9.7.4+dfsg-16ubuntu6.8 > freetype/[email protected]
and 3 more...
Fixed in: 2.8.1-2ubuntu2.1
Organization: undefined
Package manager: deb
Project name: docker-image|webdevops/php-nginx
Docker image: webdevops/php-nginx
Platform: linux/amd64
Tested 311 dependencies for known vulnerabilities, found 238 vulnerabilities.
I guess a large chunk (over half) come from the base image... if I understand what is building on what correctly, it seems this image is ultimately layered atop php:7.4-fpm-buster
$ docker scan php:7.4-fpm-buster
...
Tested 161 dependencies for known vulnerabilities, found 150 vulnerabilities.
Hello @techieshark and thank you for the scan. We're only using the official image and are installing everything from the standard package repositories that is needed to properly run an image containing php-fpm and nginx. Our goal was to make an image that is easily usable and contains everything that somebody might need to the building times for docker images.
At the moment our images are approx a month old, due to unsolvable problems in the building of imagemagick and we're waiting for a new release. But our images are usually build on a daily base executing apt-get upgrade on the base image as well as installing all the dependencies from the official package repositories.
I would love to be able to ensure that all packages are secure, but often there aren't any installable releases and it's impossible for us to compile every package on our own as we're building over 100 images.
