Fix medium and high level vulnerabilities #1186

Closed
dauntlessnomad opened this issue Feb 10, 2023 · 0 comments

@dauntlessnomad
Member

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2774162
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Stack-based Buffer Overflow
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2774167
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2823289
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2823291
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Divide By Zero
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938519
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Divide By Zero
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938520
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Divide By Zero
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2938525
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2964237
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987009
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987011
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Improper Input Validation
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-2987014
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3008946
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Double Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012393
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Reachable Assertion
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012398
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Release of Invalid Pointer or Reference
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3012399
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058771
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058775
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058778
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058779
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Write
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058787
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in tiff/libtiff5
Description: Out-of-bounds Read
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3058792
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

✗ Medium severity vulnerability found in openssl
Description: Inadequate Encryption Strength
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-2941242
Introduced through: ca-certificates@20210119, meta-common-packages@meta
From: ca-certificates@20210119 > openssl@1.1.1n-0+deb11u3
From: meta-common-packages@meta > openssl/libssl1.1@1.1.1n-0+deb11u3
Fixed in: 1.1.1n-0+deb11u4

✗ High severity vulnerability found in tiff/libtiff5
Description: Numeric Errors
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3113871
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1

✗ High severity vulnerability found in tiff/libtiff5
Description: Use After Free
Info: https://security.snyk.io/vuln/SNYK-DEBIAN11-TIFF-3252499
Introduced through: chromium@109.0.5414.74-2deb11u1
From: chromium@109.0.5414.74-2deb11u1 > gtk+3.0/libgtk-3-0@3.24.24-4+deb11u2 > adwaita-icon-theme@3.38.0-1 > gtk+3.0/gtk-update-icon-cache@3.24.24-4+deb11u2 > gdk-pixbuf/libgdk-pixbuf-2.0-0@2.42.2+dfsg-1+deb11u1 > tiff/libtiff5@4.2.0-1+deb11u1
Fixed in: 4.2.0-1+deb11u3

Organization: egovhealthcare
Package manager: deb
Project name: docker-image|care
Docker image: care:2
Platform: linux/arm64
Licenses: enabled

Tested 303 dependencies for known issues, found 152 issues.


Testing care:2...

Organization: egovhealthcare
Package manager: pip
Target file: /app/requirements.txt
Project name: /app/requirements.txt
Docker image: care:2
Licenses: enabled

✔ Tested care:2 for known issues, no vulnerable paths found.


Testing care:2...

Organization: egovhealthcare
Package manager: maven
Target file: /usr/share/java
Project name: care:2:/usr/share/java
Docker image: care:2
Licenses: enabled

✔ Tested care:2 for known issues, no vulnerable paths found.

Tested 3 projects, 1 contained vulnerable paths.

@sainak sainak closed this as completed Jul 21, 2023