multiple critical CVEs in the image #168

@ismail-bertalfilali

Hello,

We are trying to use the image grokzen/redis-cluster:7.0.10, but it contains several CVEs. Is there any plan to upgrade the packages used? Thank you.


| Vulnerability | Severity | CVSS3 Score | Package | Current Version | Fixed in Version | Listed In CVE Allowlist |
|---|---|---|---|---|---|---|
| CVE-2022-1664 | Critical | 9.8 | dpkg | 1.19.7 | 1.19.8 | No |
| CVE-2021-33574 | Critical | 9.8 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2021-35942 | Critical | 9.1 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2022-23218 | Critical | 9.8 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2022-23219 | Critical | 9.8 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2021-3520 | Critical | 9.8 | liblz4-1 | 1.8.3-1 | 1.8.3-1+deb10u1 | No |
| CVE-2022-1586 | Critical | 9.1 | libpcre2-8-0 | 10.32-5 | 10.32-5+deb10u1 | No |
| CVE-2022-1587 | Critical | 9.1 | libpcre2-8-0 | 10.32-5 | 10.32-5+deb10u1 | No |
| CVE-2021-3177 | Critical | 9.8 | libpython2.7-minimal | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2021-46848 | Critical | 9.1 | libtasn1-6 | 4.13-3 | 4.13-3+deb10u1 | No |
| CVE-2021-3177 | Critical | 9.8 | python2.7 | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2022-37434 | Critical | 9.8 | zlib1g | 1:1.2.11.dfsg-1 | 1:1.2.11.dfsg-1+deb10u2 | No |
| CVE-2022-48565 | Critical | 9.8 | libpython2.7-minimal | 2.7.16-2+deb10u1 | None | No |
| CVE-2021-20231 | Critical | 9.8 | libgnutls30 | 3.6.7-4+deb10u3 | 3.6.7-4+deb10u7 | No |
| CVE-2021-20232 | Critical | 9.8 | libgnutls30 | 3.6.7-4+deb10u3 | 3.6.7-4+deb10u7 | No |
| CVE-2021-3711 | Critical | 9.8 | libssl1.1 | 1.1.1d-0+deb10u3 | 1.1.1d-0+deb10u7 | Yes |
| CVE-2022-1292 | Critical | 9.8 | libssl1.1 | 1.1.1d-0+deb10u3 | 1.1.1n-0+deb10u2 | No |
| CVE-2022-2068 | Critical | 9.8 | libssl1.1 | 1.1.1d-0+deb10u3 | 1.1.1n-0+deb10u3 | No |
| CVE-2023-25775 | Critical | 9.8 | linux-libc-dev | 4.19.260-1 | 4.19.304-1 | No |
| CVE-2022-1271 | High | 8.8 | gzip | 1.9-3 | 1.9-3+deb10u1 | No |
| CVE-2020-1752 | High | 7.0 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2020-6096 | High | 8.1 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2021-3326 | High | 7.5 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2021-3999 | High | 7.8 | libc-bin | 2.28-10 | 2.28-10+deb10u2 | No |
| CVE-2021-43618 | High | 7.5 | libgmp10 | 2:6.1.2+dfsg-4 | 2:6.1.2+dfsg-4+deb10u1 | No |
| CVE-2021-20305 | High | 8.1 | libhogweed4 | 3.4.1-1 | 3.4.1-1+deb10u1 | Yes |
| CVE-2021-3580 | High | 7.5 | libhogweed4 | 3.4.1-1 | 3.4.1-1+deb10u1 | No |
| CVE-2022-1271 | High | 8.8 | liblzma5 | 5.2.4-1 | 5.2.4-1+deb10u1 | No |
| CVE-2021-20305 | High | 8.1 | libnettle6 | 3.4.1-1 | 3.4.1-1+deb10u1 | Yes |
| CVE-2021-3580 | High | 7.5 | libnettle6 | 3.4.1-1 | 3.4.1-1+deb10u1 | No |
| CVE-2019-20454 | High | 7.5 | libpcre2-8-0 | 10.32-5 | 10.32-5+deb10u1 | No |
| CVE-2015-20107 | High | 7.6 | libpython2.7-minimal | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2019-20907 | High | 7.5 | libpython2.7-minimal | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2020-26116 | High | 7.2 | libpython2.7-minimal | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2021-3737 | High | 7.5 | libpython2.7-minimal | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2022-0391 | High | 7.5 | libpython2.7-minimal | 2.7.16-2+deb10u1 | None | No |
| CVE-2022-45061 | High | 7.5 | libpython2.7-minimal | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2023-24329 | High | 7.5 | libpython2.7-minimal | 2.7.16-2+deb10u1 | None | No |
| CVE-2015-20107 | High | 7.6 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2019-20907 | High | 7.5 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2020-26116 | High | 7.2 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2021-3737 | High | 7.5 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2022-0391 | High | 7.5 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | None | No |
| CVE-2022-45061 | High | 7.5 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | 2.7.16-2+deb10u2 | No |
| CVE-2023-24329 | High | 7.5 | libpython2.7-stdlib | 2.7.16-2+deb10u1 | None | No |
