Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.16
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: October 30, 2024 19:13
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: October 30, 2024 19:13
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
openssh-fips | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2024:0596-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.30.1 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) |
||
openssl-1_1 | HIGH | fixed |
Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2024:2089-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.69.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) |
||
openssl-1_1 | MEDIUM | fixed |
Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:1745-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.31.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). |
||
openssl-1_1 | MEDIUM | fixed |
Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:1911-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.34.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873). |
||
openssl-1_1 | MEDIUM | fixed |
Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:2342-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.37.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). |