Vulnerability Scan Report for registry.suse.com/suse/git:2.35-7.4

A micro environment with Git based on the SLE Base Container Image.

registry.suse.com/suse/git:2.35-7.4

Last scanned on: May 08, 2025 14:40

Package Name	Severity	Status	Description	Reference links
libexpat1	MEDIUM	fixed	Security update for expat Vulnerability ID: SUSE-SU-2024:3216-1 Installed Version: 2.4.4-150400.3.12.1 Fixed Version: 2.4.4-150400.3.22.1 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)	CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 SU-20243216-1 SUSE Bug#1229930 SUSE Bug#1229931 SUSE Bug#1229932 SUSE Mailing List [sle-security-updates] 2024-September#019424 SUSE Security Rating
libexpat1	MEDIUM	fixed	Security update for expat Vulnerability ID: SUSE-SU-2024:4035-1 Installed Version: 2.4.4-150400.3.12.1 Fixed Version: 2.4.4-150400.3.25.1 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).	CVE-2024-50602 SU-20244035-1 SUSE Bug#1232579 SUSE Mailing List [sle-security-updates] 2024-November#019824 SUSE Security Rating
libncurses6	LOW	fixed	Security update for ncurses Vulnerability ID: SUSE-SU-2024:1133-1 Installed Version: 6.1-150000.5.20.1 Fixed Version: 6.1-150000.5.24.1 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).	CVE-2023-45918 SU-20241133-1 SUSE Bug#1220061 SUSE Mailing List [sle-updates] 2024-April#034889 SUSE Security Rating
libnghttp2-14	HIGH	fixed	Security update for nghttp2 Vulnerability ID: SUSE-SU-2024:1167-1 Installed Version: 1.40.0-150200.12.1 Fixed Version: 1.40.0-150200.17.1 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)	CVE-2024-28182 SU-20241167-1 SUSE Bug#1221399 SUSE Mailing List [sle-updates] 2024-April#034897 SUSE Security Rating
libopenssl1_1	HIGH	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2024:2051-1 Installed Version: 1.1.1l-150500.17.22.1 Fixed Version: 1.1.1l-150500.17.31.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)	CVE-2024-4741 SU-20242051-1 SUSE Bug#1225551 SUSE Mailing List [sle-security-updates] 2024-June#018732 SUSE Security Rating