-
Notifications
You must be signed in to change notification settings - Fork 0
/
debian_bullseye_scan.txt
294 lines (250 loc) · 13.9 KB
/
debian_bullseye_scan.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
# docker scan debian:bullseye (vom 30.12.2021)
$ docker scan debian:bullseye
Testing debian:bullseye...
Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://snyk.io/vuln/SNYK-DEBIAN11-TAR-523480
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.34+dfsg-1
Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-1291054
Introduced through: systemd/libsystemd0@247.3-6, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8, util-linux/mount@2.36.1-8, systemd/libudev1@247.3-6
From: systemd/libsystemd0@247.3-6
From: apt@2.2.4 > systemd/libsystemd0@247.3-6
From: util-linux/bsdutils@1:2.36.1-8 > systemd/libsystemd0@247.3-6
and 5 more...
Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SYSTEMD-524969
Introduced through: systemd/libsystemd0@247.3-6, apt@2.2.4, util-linux/bsdutils@1:2.36.1-8, util-linux/mount@2.36.1-8, systemd/libudev1@247.3-6
From: systemd/libsystemd0@247.3-6
From: apt@2.2.4 > systemd/libsystemd0@247.3-6
From: util-linux/bsdutils@1:2.36.1-8 > systemd/libsystemd0@247.3-6
and 5 more...
Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-526940
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-528840
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-DEBIAN11-SHADOW-539870
Introduced through: shadow/passwd@1:4.8.1-1, adduser@3.118, shadow/login@1:4.8.1-1, util-linux/mount@2.36.1-8
From: shadow/passwd@1:4.8.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1
From: shadow/login@1:4.8.1-1
and 1 more...
Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PERL-532614
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.32.1-4+deb11u2
Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-523392
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-525075
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529298
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-529490
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PCRE3-572353
Introduced through: pcre3/libpcre3@2:8.39-13, grep@3.6-1
From: pcre3/libpcre3@2:8.39-13
From: grep@3.6-1 > pcre3/libpcre3@2:8.39-13
Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-518334
Introduced through: openssl/libssl1.1@1.1.1k-1+deb11u1, adduser@3.118
From: openssl/libssl1.1@1.1.1k-1+deb11u1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > openssl/libssl1.1@1.1.1k-1+deb11u1
Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-525332
Introduced through: openssl/libssl1.1@1.1.1k-1+deb11u1, adduser@3.118
From: openssl/libssl1.1@1.1.1k-1+deb11u1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > openssl/libssl1.1@1.1.1k-1+deb11u1
Low severity vulnerability found in ncurses/libtinfo6
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-1655741
Introduced through: ncurses/libtinfo6@6.2+20201114-2, bash/bash@5.1-2+b3, ncurses/ncurses-bin@6.2+20201114-2, util-linux/mount@2.36.1-8, ncurses/ncurses-base@6.2+20201114-2
From: ncurses/libtinfo6@6.2+20201114-2
From: bash/bash@5.1-2+b3 > ncurses/libtinfo6@6.2+20201114-2
From: ncurses/ncurses-bin@6.2+20201114-2 > ncurses/libtinfo6@6.2+20201114-2
and 3 more...
Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315627
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315629
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315635
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBSEPOL-1315641
Introduced through: libsepol/libsepol1@3.1-1, adduser@3.118
From: libsepol/libsepol1@3.1-1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > libsemanage/libsemanage1@3.1-1+b2 > libsepol/libsepol1@3.1-1
Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-523947
Introduced through: libgcrypt20@1.8.7-6, apt@2.2.4
From: libgcrypt20@1.8.7-6
From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6
From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2 > libgcrypt20@1.8.7-6
and 1 more...
Low severity vulnerability found in krb5/libk5crypto3
Description: CVE-2004-0971
Info: https://snyk.io/vuln/SNYK-DEBIAN11-KRB5-519904
Introduced through: krb5/libk5crypto3@1.18.3-6+deb11u1, adduser@3.118, krb5/libkrb5-3@1.18.3-6+deb11u1, krb5/libgssapi-krb5-2@1.18.3-6+deb11u1, meta-common-packages@meta
From: krb5/libk5crypto3@1.18.3-6+deb11u1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1
and 5 more...
Low severity vulnerability found in krb5/libk5crypto3
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN11-KRB5-524883
Introduced through: krb5/libk5crypto3@1.18.3-6+deb11u1, adduser@3.118, krb5/libkrb5-3@1.18.3-6+deb11u1, krb5/libgssapi-krb5-2@1.18.3-6+deb11u1, meta-common-packages@meta
From: krb5/libk5crypto3@1.18.3-6+deb11u1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1
From: adduser@3.118 > shadow/passwd@1:4.8.1-1 > pam/libpam-modules@1.4.0-9+deb11u1 > libnsl/libnsl2@1.3.0-2 > libtirpc/libtirpc3@1.3.1-1 > krb5/libgssapi-krb5-2@1.18.3-6+deb11u1 > krb5/libkrb5-3@1.18.3-6+deb11u1 > krb5/libk5crypto3@1.18.3-6+deb11u1
and 5 more...
Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GNUTLS28-515971
Introduced through: gnutls28/libgnutls30@3.7.1-5, apt@2.2.4
From: gnutls28/libgnutls30@3.7.1-5
From: apt@2.2.4 > gnutls28/libgnutls30@3.7.1-5
Low severity vulnerability found in glibc/libc-bin
Description: CVE-2021-43396
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-1911968
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521063
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-521199
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-522385
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-529848
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531451
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-531492
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-532215
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Low severity vulnerability found in coreutils/coreutils
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-514776
Introduced through: coreutils/coreutils@8.32-4+b1
From: coreutils/coreutils@8.32-4+b1
Low severity vulnerability found in coreutils/coreutils
Description: Race Condition
Info: https://snyk.io/vuln/SNYK-DEBIAN11-COREUTILS-527269
Introduced through: coreutils/coreutils@8.32-4+b1
From: coreutils/coreutils@8.32-4+b1
Low severity vulnerability found in apt/libapt-pkg6.0
Description: Improper Verification of Cryptographic Signature
Info: https://snyk.io/vuln/SNYK-DEBIAN11-APT-522585
Introduced through: apt/libapt-pkg6.0@2.2.4, apt@2.2.4
From: apt/libapt-pkg6.0@2.2.4
From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4
From: apt@2.2.4
High severity vulnerability found in perl/perl-base
Description: CVE-2020-16156
Info: https://snyk.io/vuln/SNYK-DEBIAN11-PERL-1925976
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.32.1-4+deb11u2
High severity vulnerability found in libgcrypt20
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN11-LIBGCRYPT20-1297892
Introduced through: libgcrypt20@1.8.7-6, apt@2.2.4
From: libgcrypt20@1.8.7-6
From: apt@2.2.4 > apt/libapt-pkg6.0@2.2.4 > libgcrypt20@1.8.7-6
From: apt@2.2.4 > gnupg2/gpgv@2.2.27-2 > libgcrypt20@1.8.7-6
and 1 more...
Critical severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-1296898
Introduced through: glibc/libc-bin@2.31-13+deb11u2, meta-common-packages@meta
From: glibc/libc-bin@2.31-13+deb11u2
From: meta-common-packages@meta > glibc/libc6@2.31-13+deb11u2
Organization: -
Package manager: deb
Project name: docker-image|debian
Docker image: debian:bullseye
Platform: linux/amd64
Base image: debian:11.2
Licenses: enabled
Tested 97 dependencies for known issues, found 37 issues.
According to our scan, you are currently using the most secure version of the selected base image