Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

multiple critical CVEs in the image #168

Open
ismail-bertalfilali opened this issue May 9, 2024 · 0 comments
Open

multiple critical CVEs in the image #168

ismail-bertalfilali opened this issue May 9, 2024 · 0 comments

Comments

@ismail-bertalfilali
Copy link

Hello,

We are trying to use the image grokzen/redis-cluster:7.0.10 but it contains several CVEs any plan to upgrade the packages used ? Thank you

Vulnerability Severity CVSS3 Score Package Current Version Fixed in Version Listed In CVE Allowlist
CVE-2022-1664 Critical 9.8 dpkg 1.19.7 1.19.8 No
CVE-2021-33574 Critical 9.8 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2021-35942 Critical 9.1 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2022-23218 Critical 9.8 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2022-23219 Critical 9.8 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2021-3520 Critical 9.8 liblz4-1 1.8.3-1 1.8.3-1+deb10u1 No
CVE-2022-1586 Critical 9.1 libpcre2-8-0 10.32-5 10.32-5+deb10u1 No
CVE-2022-1587 Critical 9.1 libpcre2-8-0 10.32-5 10.32-5+deb10u1 No
CVE-2021-3177 Critical 9.8 libpython2.7-minimal 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2021-46848 Critical 9.1 libtasn1-6 4.13-3 4.13-3+deb10u1 No
CVE-2021-3177 Critical 9.8 python2.7 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2022-37434 Critical 9.8 zlib1g 1:1.2.11.dfsg-1 1:1.2.11.dfsg-1+deb10u2 No
CVE-2022-48565 Critical 9.8 libpython2.7-minimal 2.7.16-2+deb10u1 None No
CVE-2021-20231 Critical 9.8 libgnutls30 3.6.7-4+deb10u3 3.6.7-4+deb10u7 No
CVE-2021-20232 Critical 9.8 libgnutls30 3.6.7-4+deb10u3 3.6.7-4+deb10u7 No
CVE-2021-3711 Critical 9.8 libssl1.1 1.1.1d-0+deb10u3 1.1.1d-0+deb10u7 Yes
CVE-2022-1292 Critical 9.8 libssl1.1 1.1.1d-0+deb10u3 1.1.1n-0+deb10u2 No
CVE-2022-2068 Critical 9.8 libssl1.1 1.1.1d-0+deb10u3 1.1.1n-0+deb10u3 No
CVE-2023-25775 Critical 9.8 linux-libc-dev 4.19.260-1 4.19.304-1 No
CVE-2022-1271 High 8.8 gzip 1.9-3 1.9-3+deb10u1 No
CVE-2020-1752 High 7.0 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2020-6096 High 8.1 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2021-3326 High 7.5 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2021-3999 High 7.8 libc-bin 2.28-10 2.28-10+deb10u2 No
CVE-2021-43618 High 7.5 libgmp10 2:6.1.2+dfsg-4 2:6.1.2+dfsg-4+deb10u1 No
CVE-2021-20305 High 8.1 libhogweed4 3.4.1-1 3.4.1-1+deb10u1 Yes
CVE-2021-3580 High 7.5 libhogweed4 3.4.1-1 3.4.1-1+deb10u1 No
CVE-2022-1271 High 8.8 liblzma5 5.2.4-1 5.2.4-1+deb10u1 No
CVE-2021-20305 High 8.1 libnettle6 3.4.1-1 3.4.1-1+deb10u1 Yes
CVE-2021-3580 High 7.5 libnettle6 3.4.1-1 3.4.1-1+deb10u1 No
CVE-2019-20454 High 7.5 libpcre2-8-0 10.32-5 10.32-5+deb10u1 No
CVE-2015-20107 High 7.6 libpython2.7-minimal 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2019-20907 High 7.5 libpython2.7-minimal 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2020-26116 High 7.2 libpython2.7-minimal 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2021-3737 High 7.5 libpython2.7-minimal 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2022-0391 High 7.5 libpython2.7-minimal 2.7.16-2+deb10u1 None No
CVE-2022-45061 High 7.5 libpython2.7-minimal 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2023-24329 High 7.5 libpython2.7-minimal 2.7.16-2+deb10u1 None No
CVE-2015-20107 High 7.6 libpython2.7-stdlib 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2019-20907 High 7.5 libpython2.7-stdlib 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2020-26116 High 7.2 libpython2.7-stdlib 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2021-3737 High 7.5 libpython2.7-stdlib 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2022-0391 High 7.5 libpython2.7-stdlib 2.7.16-2+deb10u1 None No
CVE-2022-45061 High 7.5 libpython2.7-stdlib 2.7.16-2+deb10u1 2.7.16-2+deb10u2 No
CVE-2023-24329 High 7.5 libpython2.7-stdlib 2.7.16-2+deb10u1 None No
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ismail-bertalfilali