Vulnerability Scan Report for registry.suse.com/suse/git:2.35-8.1

A micro environment with Git based on the SLE Base Container Image.

registry.suse.com/suse/git:2.35-8.1

Last scanned on: July 01, 2025 21:02

Package Name	Severity	Status	Description	Reference links
krb5	HIGH	fixed	Security update for krb5 Vulnerability ID: SUSE-SU-2024:2302-1 Installed Version: 1.20.1-150500.3.3.1 Fixed Version: 1.20.1-150500.3.9.1 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).	CVE-2024-37370 CVE-2024-37371 SU-20242302-1 SUSE Bug#1227186 SUSE Bug#1227187 SUSE Mailing List [sle-updates] 2024-July#035824 SUSE Security Rating
less	HIGH	fixed	Security update for less Vulnerability ID: SUSE-SU-2024:1192-1 Installed Version: 590-150400.3.3.1 Fixed Version: 590-150400.3.6.2 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).	CVE-2022-48624 SU-20241192-1 SUSE Bug#1219901 SUSE Mailing List [sle-updates] 2024-April#034922 SUSE Security Rating
less	HIGH	fixed	Security update for less Vulnerability ID: SUSE-SU-2024:1598-1 Installed Version: 590-150400.3.3.1 Fixed Version: 590-150400.3.9.1 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)	CVE-2024-32487 SU-20241598-1 SUSE Bug#1222849 SUSE Mailing List [sle-updates] 2024-May#035227 SUSE Security Rating
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:1151-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.44.1 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)	CVE-2024-2004 CVE-2024-2398 SU-20241151-1 SUSE Bug#1221665 SUSE Bug#1221667 SUSE Mailing List [sle-updates] 2024-April#034871 SUSE Security Rating
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3080-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.47.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)	CVE-2024-7264 SU-20243080-1 SUSE Bug#1228535 SUSE Mailing List [sle-updates] 2024-September#036722 SUSE Security Rating