i5heu opened a new issue #135: latest docker couchdb container: found 83 vulnerabilities. URL: https://github.com/apache/couchdb-docker/issues/135 Testing couchdb... ✗ Low severity vulnerability found in tar Description: Privilege Escalation Info: https://snyk.io/vuln/SNYK-LINUX-TAR-105079 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > [email protected] ✗ Low severity vulnerability found in tar Description: CVE-2018-20482 Info: https://snyk.io/vuln/SNYK-LINUX-TAR-220695 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > [email protected] ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Insecure Privilege Usage Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-128614 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: Access Restriction Bypass Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-139149 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2018-16888 Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-240648 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ Low severity vulnerability found in systemd/libsystemd0 Description: CVE-2019-6454 Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-437517 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... Fixed in: 232-25+deb9u9 ✗ Low severity vulnerability found in sqlite3/libsqlite3-0 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-SQLITE3-108650 Introduced through: gnupg2/[email protected]~deb9u3, [email protected]~stretch From: gnupg2/[email protected]~deb9u3 > sqlite3/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > sqlite3/[email protected]+deb9u1 ✗ Low severity vulnerability found in sqlite3/libsqlite3-0 Description: NULL Pointer Dereference Info: https://snyk.io/vuln/SNYK-LINUX-SQLITE3-123402 Introduced through: gnupg2/[email protected]~deb9u3, [email protected]~stretch From: gnupg2/[email protected]~deb9u3 > sqlite3/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > sqlite3/[email protected]+deb9u1 ✗ Low severity vulnerability found in sqlite3/libsqlite3-0 Description: CVE-2018-20346 Info: https://snyk.io/vuln/SNYK-LINUX-SQLITE3-205443 Introduced through: gnupg2/[email protected]~deb9u3, [email protected]~stretch From: gnupg2/[email protected]~deb9u3 > sqlite3/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > sqlite3/[email protected]+deb9u1 ✗ Low severity vulnerability found in shadow/passwd Description: CVE-2013-4235 Info: https://snyk.io/vuln/SNYK-LINUX-SHADOW-106309 Introduced through: util-linux/[email protected]+deb9u1, [email protected]~stretch, shadow/login@1:4.4-4.1 From: util-linux/[email protected]+deb9u1 > shadow/passwd@1:4.4-4.1 From: [email protected]~stretch > [email protected] > shadow/passwd@1:4.4-4.1 From: shadow/login@1:4.4-4.1 ✗ Low severity vulnerability found in shadow/passwd Description: Privilege Escalation Info: https://snyk.io/vuln/SNYK-LINUX-SHADOW-107359 Introduced through: util-linux/[email protected]+deb9u1, [email protected]~stretch, shadow/login@1:4.4-4.1 From: util-linux/[email protected]+deb9u1 > shadow/passwd@1:4.4-4.1 From: [email protected]~stretch > [email protected] > shadow/passwd@1:4.4-4.1 From: shadow/login@1:4.4-4.1 ✗ Low severity vulnerability found in shadow/passwd Description: Information Exposure Info: https://snyk.io/vuln/SNYK-LINUX-SHADOW-116095 Introduced through: util-linux/[email protected]+deb9u1, [email protected]~stretch, shadow/login@1:4.4-4.1 From: util-linux/[email protected]+deb9u1 > shadow/passwd@1:4.4-4.1 From: [email protected]~stretch > [email protected] > shadow/passwd@1:4.4-4.1 From: shadow/login@1:4.4-4.1 ✗ Low severity vulnerability found in python3.5/libpython3.5-stdlib Description: CVE-2018-20406 Info: https://snyk.io/vuln/SNYK-LINUX-PYTHON35-215759 Introduced through: [email protected]~stretch From: [email protected]~stretch > python3-defaults/[email protected] > python3-defaults/[email protected] > python3.5/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > python3-defaults/[email protected] > python3.5/[email protected]+deb9u1 and 4 more... ✗ Low severity vulnerability found in python3.5/libpython3.5-stdlib Description: CVE-2019-5010 Info: https://snyk.io/vuln/SNYK-LINUX-PYTHON35-257722 Introduced through: [email protected]~stretch From: [email protected]~stretch > python3-defaults/[email protected] > python3-defaults/[email protected] > python3.5/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > python3-defaults/[email protected] > python3.5/[email protected]+deb9u1 and 4 more... ✗ Low severity vulnerability found in python-urllib3/python3-urllib3 Description: CVE-2018-20060 Info: https://snyk.io/vuln/SNYK-LINUX-PYTHONURLLIB3-185717 Introduced through: [email protected]~stretch From: [email protected]~stretch > requests/[email protected] > python-urllib3/[email protected] ✗ Low severity vulnerability found in perl/perl-base Description: CVE-2011-4116 Info: https://snyk.io/vuln/SNYK-LINUX-PERL-119176 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > perl/[email protected]+deb9u5 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-PCRE3-115388 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-3 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Regular Expression Denial of Service (ReDoS) Info: https://snyk.io/vuln/SNYK-LINUX-PCRE3-123374 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-3 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-PCRE3-126449 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-3 ✗ Low severity vulnerability found in pcre3/libpcre3 Description: CVE-2017-16231 Info: https://snyk.io/vuln/SNYK-LINUX-PCRE3-137957 Introduced through: meta-common-packages@meta From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-3 ✗ Low severity vulnerability found in openssl/libssl1.1 Description: Insecure Cryptography Info: https://snyk.io/vuln/SNYK-LINUX-OPENSSL-106356 Introduced through: [email protected]~stretch From: [email protected]~stretch > requests/[email protected] > ca-certificates@20161130+nmu1+deb9u1 > [email protected]~deb9u1 > openssl/[email protected]~deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > openssl/[email protected]~deb9u1 From: [email protected]~stretch > requests/[email protected] > ca-certificates@20161130+nmu1+deb9u1 > [email protected]~deb9u1 ✗ Low severity vulnerability found in openssl/libssl1.1 Description: Insecure Signature Validation Info: https://snyk.io/vuln/SNYK-LINUX-OPENSSL-132445 Introduced through: [email protected]~stretch From: [email protected]~stretch > requests/[email protected] > ca-certificates@20161130+nmu1+deb9u1 > [email protected]~deb9u1 > openssl/[email protected]~deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > openssl/[email protected]~deb9u1 From: [email protected]~stretch > requests/[email protected] > ca-certificates@20161130+nmu1+deb9u1 > [email protected]~deb9u1 ✗ Low severity vulnerability found in openldap/libldap-common Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-OPENLDAP-106029 Introduced through: apt/[email protected], gnupg2/[email protected]~deb9u3, [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 > openldap/[email protected]+dfsg-5+deb9u2 From: gnupg2/[email protected]~deb9u3 > openldap/[email protected]+dfsg-5+deb9u2 From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 and 1 more... ✗ Low severity vulnerability found in openldap/libldap-common Description: Insecure Cipher Info: https://snyk.io/vuln/SNYK-LINUX-OPENLDAP-113152 Introduced through: apt/[email protected], gnupg2/[email protected]~deb9u3, [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 > openldap/[email protected]+dfsg-5+deb9u2 From: gnupg2/[email protected]~deb9u3 > openldap/[email protected]+dfsg-5+deb9u2 From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 and 1 more... ✗ Low severity vulnerability found in openldap/libldap-common Description: Arbitrary Process Kill Info: https://snyk.io/vuln/SNYK-LINUX-OPENLDAP-119313 Introduced through: apt/[email protected], gnupg2/[email protected]~deb9u3, [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 > openldap/[email protected]+dfsg-5+deb9u2 From: gnupg2/[email protected]~deb9u3 > openldap/[email protected]+dfsg-5+deb9u2 From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 and 1 more... ✗ Low severity vulnerability found in nettle/libnettle6 Description: CVE-2018-16869 Info: https://snyk.io/vuln/SNYK-LINUX-NETTLE-177804 Introduced through: apt/[email protected] From: apt/[email protected] > curl/[email protected]+deb9u8 > nettle/[email protected]+b2 From: apt/[email protected] > curl/[email protected]+deb9u8 > gnutls28/[email protected]+deb9u4 > nettle/[email protected]+b2 From: apt/[email protected] > curl/[email protected]+deb9u8 > rtmpdump/[email protected]+20151223.gitfa8646d.1-1+b1 > nettle/[email protected]+b2 and 3 more... ✗ Low severity vulnerability found in ncurses/libtinfo5 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-NCURSES-135410 Introduced through: [email protected], psmisc/[email protected]+b2, ncurses/[email protected]+20161126-1+deb9u2, [email protected]~stretch, [email protected], gnupg2/[email protected]~deb9u3, ncurses/[email protected]+20161126-1+deb9u2 From: [email protected] > ncurses/[email protected]+20161126-1+deb9u2 From: psmisc/[email protected]+b2 > ncurses/[email protected]+20161126-1+deb9u2 From: ncurses/[email protected]+20161126-1+deb9u2 > ncurses/[email protected]+20161126-1+deb9u2 and 15 more... ✗ Low severity vulnerability found in libtasn1-6 Description: CVE-2018-1000654 Info: https://snyk.io/vuln/SNYK-LINUX-LIBTASN16-172697 Introduced through: apt/[email protected] From: apt/[email protected] > curl/[email protected]+deb9u8 > gnutls28/[email protected]+deb9u4 > [email protected]+deb9u1 ✗ Low severity vulnerability found in krb5/libkrb5support0 Description: Arbitrary File Overwrite Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-103423 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Low severity vulnerability found in krb5/libkrb5support0 Description: Arbitrary Code Execution Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-106341 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Low severity vulnerability found in krb5/libkrb5support0 Description: Integer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-116700 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Low severity vulnerability found in krb5/libkrb5support0 Description: Insecure Memory Handling (Double Free) Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-118386 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Low severity vulnerability found in krb5/libkrb5support0 Description: CVE-2018-20217 Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-221142 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Low severity vulnerability found in gnutls28/libgnutls30 Description: CVE-2018-16868 Info: https://snyk.io/vuln/SNYK-LINUX-GNUTLS28-178366 Introduced through: gnupg2/[email protected]~deb9u3, apt/[email protected] From: gnupg2/[email protected]~deb9u3 > gnutls28/[email protected]+deb9u4 From: apt/[email protected] > curl/[email protected]+deb9u8 > gnutls28/[email protected]+deb9u4 From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 > gnutls28/[email protected]+deb9u4 and 1 more... ✗ Low severity vulnerability found in gnupg2/gpgv Description: Incorrect Key Validation Info: https://snyk.io/vuln/SNYK-LINUX-GNUPG2-133194 Introduced through: gnupg2/[email protected]~deb9u3, [email protected], [email protected], gnupg2/[email protected]~deb9u3, gnupg2/[email protected]~deb9u3 From: gnupg2/[email protected]~deb9u3 From: [email protected] > gnupg2/[email protected]~deb9u3 From: [email protected] > gnupg2/[email protected]~deb9u3 and 3 more... ✗ Low severity vulnerability found in gnupg2/gpgv Description: CVE-2018-1000858 Info: https://snyk.io/vuln/SNYK-LINUX-GNUPG2-209376 Introduced through: gnupg2/[email protected]~deb9u3, [email protected], [email protected], gnupg2/[email protected]~deb9u3, gnupg2/[email protected]~deb9u3 From: gnupg2/[email protected]~deb9u3 From: [email protected] > gnupg2/[email protected]~deb9u3 From: [email protected] > gnupg2/[email protected]~deb9u3 and 3 more... ✗ Low severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-101620 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ Low severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-107098 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-108050 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-111299 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ Low severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-121839 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-121976 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ Low severity vulnerability found in glibc/libc-bin Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-127304 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ Low severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-134363 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: Memory Leak Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-138905 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ Low severity vulnerability found in glibc/libc-bin Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-138936 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ Low severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-145302 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-6488 Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-257862 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2016-10739 Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-257895 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in glibc/libc-bin Description: CVE-2019-7309 Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-259447 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Low severity vulnerability found in file/libmagic-mgc Description: CVE-2019-8907 Info: https://snyk.io/vuln/SNYK-LINUX-FILE-437529 Introduced through: file/libmagic-mgc@1:5.30-1+deb9u2, file@1:5.30-1+deb9u2, file/libmagic1@1:5.30-1+deb9u2 From: file/libmagic-mgc@1:5.30-1+deb9u2 From: file@1:5.30-1+deb9u2 > file/libmagic1@1:5.30-1+deb9u2 > file/libmagic-mgc@1:5.30-1+deb9u2 From: file/libmagic1@1:5.30-1+deb9u2 and 2 more... ✗ Low severity vulnerability found in file/libmagic-mgc Description: CVE-2019-8906 Info: https://snyk.io/vuln/SNYK-LINUX-FILE-437533 Introduced through: file/libmagic-mgc@1:5.30-1+deb9u2, file@1:5.30-1+deb9u2, file/libmagic1@1:5.30-1+deb9u2 From: file/libmagic-mgc@1:5.30-1+deb9u2 From: file@1:5.30-1+deb9u2 > file/libmagic1@1:5.30-1+deb9u2 > file/libmagic-mgc@1:5.30-1+deb9u2 From: file/libmagic1@1:5.30-1+deb9u2 and 2 more... ✗ Low severity vulnerability found in file/libmagic-mgc Description: CVE-2019-8904 Info: https://snyk.io/vuln/SNYK-LINUX-FILE-437535 Introduced through: file/libmagic-mgc@1:5.30-1+deb9u2, file@1:5.30-1+deb9u2, file/libmagic1@1:5.30-1+deb9u2 From: file/libmagic-mgc@1:5.30-1+deb9u2 From: file@1:5.30-1+deb9u2 > file/libmagic1@1:5.30-1+deb9u2 > file/libmagic-mgc@1:5.30-1+deb9u2 From: file/libmagic1@1:5.30-1+deb9u2 and 2 more... ✗ Low severity vulnerability found in file/libmagic-mgc Description: CVE-2019-8905 Info: https://snyk.io/vuln/SNYK-LINUX-FILE-437551 Introduced through: file/libmagic-mgc@1:5.30-1+deb9u2, file@1:5.30-1+deb9u2, file/libmagic1@1:5.30-1+deb9u2 From: file/libmagic-mgc@1:5.30-1+deb9u2 From: file@1:5.30-1+deb9u2 > file/libmagic1@1:5.30-1+deb9u2 > file/libmagic-mgc@1:5.30-1+deb9u2 From: file/libmagic1@1:5.30-1+deb9u2 and 2 more... ✗ Low severity vulnerability found in expat/libexpat1 Description: XML External Entity Injection (XXE) Info: https://snyk.io/vuln/SNYK-LINUX-EXPAT-107842 Introduced through: [email protected]~stretch From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 > expat/[email protected]+deb9u1 ✗ Low severity vulnerability found in curl/libcurl3-gnutls Description: CVE-2019-3822 Info: https://snyk.io/vuln/SNYK-LINUX-CURL-436283 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 From: [email protected]~stretch > curl/[email protected]+deb9u8 From: [email protected]~stretch > [email protected]+deb9u8 > curl/[email protected]+deb9u8 and 1 more... Fixed in: 7.52.1-5+deb9u9 ✗ Low severity vulnerability found in curl/libcurl3-gnutls Description: CVE-2018-16890 Info: https://snyk.io/vuln/SNYK-LINUX-CURL-436285 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 From: [email protected]~stretch > curl/[email protected]+deb9u8 From: [email protected]~stretch > [email protected]+deb9u8 > curl/[email protected]+deb9u8 and 1 more... Fixed in: 7.52.1-5+deb9u9 ✗ Low severity vulnerability found in curl/libcurl3-gnutls Description: CVE-2019-3823 Info: https://snyk.io/vuln/SNYK-LINUX-CURL-436287 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 From: [email protected]~stretch > curl/[email protected]+deb9u8 From: [email protected]~stretch > [email protected]+deb9u8 > curl/[email protected]+deb9u8 and 1 more... Fixed in: 7.52.1-5+deb9u9 ✗ Low severity vulnerability found in coreutils Description: Sandbox (chroot) Escape Info: https://snyk.io/vuln/SNYK-LINUX-COREUTILS-104909 Introduced through: [email protected] From: [email protected] ✗ Low severity vulnerability found in coreutils Description: Arbitrary File Priviledge Modification Info: https://snyk.io/vuln/SNYK-LINUX-COREUTILS-114540 Introduced through: [email protected] From: [email protected] ✗ Low severity vulnerability found in apt/libapt-pkg5.0 Description: CVE-2011-3374 Info: https://snyk.io/vuln/SNYK-LINUX-APT-116518 Introduced through: [email protected], apt/[email protected] From: [email protected] > apt/[email protected] From: apt/[email protected] > apt/[email protected] From: [email protected] and 1 more... ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-107875 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: Symlink Attack Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-111917 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ Medium severity vulnerability found in systemd/libsystemd0 Description: CVE-2018-15686 Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-174863 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ Medium severity vulnerability found in requests/python3-requests Description: CVE-2018-18074 Info: https://snyk.io/vuln/SNYK-LINUX-REQUESTS-173692 Introduced through: [email protected]~stretch From: [email protected]~stretch > requests/[email protected] ✗ Medium severity vulnerability found in python3.5/libpython3.5-stdlib Description: Arbitrary Argument Injection Info: https://snyk.io/vuln/SNYK-LINUX-PYTHON35-156428 Introduced through: [email protected]~stretch From: [email protected]~stretch > python3-defaults/[email protected] > python3-defaults/[email protected] > python3.5/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > [email protected]+deb9u1 > python3.5/[email protected]+deb9u1 From: [email protected]~stretch > python3-defaults/[email protected] > python3-defaults/[email protected] > python3.5/[email protected]+deb9u1 and 4 more... ✗ Medium severity vulnerability found in nghttp2/libnghttp2-14 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-NGHTTP2-107462 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > nghttp2/[email protected] From: [email protected]~stretch > [email protected]+deb9u8 > curl/[email protected]+deb9u8 > nghttp2/[email protected] ✗ Medium severity vulnerability found in libgcrypt20 Description: Information Exposure Info: https://snyk.io/vuln/SNYK-LINUX-LIBGCRYPT20-116093 Introduced through: gnupg2/[email protected]~deb9u3, gnupg2/[email protected]~deb9u3, gnupg2/[email protected]~deb9u3, apt/[email protected], [email protected]~stretch From: gnupg2/[email protected]~deb9u3 > [email protected]+deb9u3 From: gnupg2/[email protected]~deb9u3 > [email protected]+deb9u3 From: gnupg2/[email protected]~deb9u3 > [email protected]+deb9u3 and 3 more... ✗ Medium severity vulnerability found in krb5/libkrb5support0 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-125766 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Medium severity vulnerability found in krb5/libkrb5support0 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-154997 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Medium severity vulnerability found in krb5/libkrb5support0 Description: Access Restriction Bypass Info: https://snyk.io/vuln/SNYK-LINUX-KRB5-159695 Introduced through: apt/[email protected], [email protected]~stretch From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 From: apt/[email protected] > curl/[email protected]+deb9u8 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 > krb5/[email protected]+deb9u1 and 9 more... ✗ Medium severity vulnerability found in gnutls28/libgnutls30 Description: Man-in-the-Middle (MitM) Info: https://snyk.io/vuln/SNYK-LINUX-GNUTLS28-145159 Introduced through: gnupg2/[email protected]~deb9u3, apt/[email protected] From: gnupg2/[email protected]~deb9u3 > gnutls28/[email protected]+deb9u4 From: apt/[email protected] > curl/[email protected]+deb9u8 > gnutls28/[email protected]+deb9u4 From: apt/[email protected] > curl/[email protected]+deb9u8 > openldap/[email protected]+dfsg-5+deb9u2 > gnutls28/[email protected]+deb9u4 and 1 more... ✗ Medium severity vulnerability found in glibc/libc-bin Description: DNS Spoofing Attacks Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-120740 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ Medium severity vulnerability found in glibc/libc-bin Description: Buffer Overflow Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-121179 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ High severity vulnerability found in util-linux/libblkid1 Description: Sandbox (util-linux) Escape Info: https://snyk.io/vuln/SNYK-LINUX-UTILLINUX-129007 Introduced through: util-linux/[email protected]+deb9u1, util-linux/[email protected]+deb9u1, [email protected], util-linux/[email protected]+deb9u1, util-linux/[email protected]+deb9u1, util-linux/[email protected]+deb9u1, util-linux/[email protected]+deb9u1, [email protected]+deb9u1, sysvinit/[email protected], util-linux/bsdutils@1:2.29.2-1+deb9u1 From: util-linux/[email protected]+deb9u1 From: util-linux/[email protected]+deb9u1 > util-linux/[email protected]+deb9u1 From: [email protected] > util-linux/[email protected]+deb9u1 and 21 more... ✗ High severity vulnerability found in systemd/libsystemd0 Description: Insecure Symlink Handling Info: https://snyk.io/vuln/SNYK-LINUX-SYSTEMD-103027 Introduced through: util-linux/bsdutils@1:2.29.2-1+deb9u1, [email protected], [email protected]~stretch, systemd/libudev1@232-25+deb9u8, util-linux/[email protected]+deb9u1 From: util-linux/bsdutils@1:2.29.2-1+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected] > [email protected]+deb9u1 > systemd/libsystemd0@232-25+deb9u8 From: [email protected]~stretch > procps@2:3.3.12-3+deb9u1 > procps/libprocps6@2:3.3.12-3+deb9u1 > systemd/libsystemd0@232-25+deb9u8 and 3 more... ✗ High severity vulnerability found in shadow/passwd Description: Internal Data Manipulation Info: https://snyk.io/vuln/SNYK-LINUX-SHADOW-123859 Introduced through: util-linux/[email protected]+deb9u1, [email protected]~stretch, shadow/login@1:4.4-4.1 From: util-linux/[email protected]+deb9u1 > shadow/passwd@1:4.4-4.1 From: [email protected]~stretch > [email protected] > shadow/passwd@1:4.4-4.1 From: shadow/login@1:4.4-4.1 ✗ High severity vulnerability found in libidn/libidn11 Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-LIBIDN-113412 Introduced through: apt/[email protected] From: apt/[email protected] > curl/[email protected]+deb9u8 > gnutls28/[email protected]+deb9u4 > libidn/[email protected] ✗ High severity vulnerability found in glibc/libc-bin Description: Privilege Escalation Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-100838 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 ✗ High severity vulnerability found in glibc/libc-bin Description: Heap Corruption Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-103290 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ High severity vulnerability found in glibc/libc-bin Description: Heap Corruption Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-111940 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ High severity vulnerability found in glibc/libc-bin Description: Privilege Escalation Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-129450 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 ✗ High severity vulnerability found in glibc/libc-bin Description: Denial of Service (DoS) Info: https://snyk.io/vuln/SNYK-LINUX-GLIBC-171152 Introduced through: glibc/[email protected]+deb9u3, meta-common-packages@meta From: glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 From: meta-common-packages@meta > glibc/[email protected]+deb9u3 Fixed in: 2.24-11+deb9u4 Package manager: deb Docker image: couchdb Tested 149 dependencies for known vulnerabilities, found 83 vulnerabilities.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
