Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-1368

Latest docker image fails security scans with High severity vulnerabilities.

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Invalid
    • Affects Version/s: 1.3.0
    • Fix Version/s: None
    • Component/s: guacamole
    • Labels:
      None
    • Environment:
      Docker

      Description

      tgates@MacBook-Pro ~
      % docker pull guacamole/guacamole:1.3.0
      1.3.0: Pulling from guacamole/guacamole
      Digest: sha256:739cb6820ae884827ceaaa87b45b8802769649c848d737584aea79d999177dc3
      Status: Downloaded newer image for guacamole/guacamole:1.3.0
      docker.io/guacamole/guacamole:1.3.0

      tgates@MacBook-Pro ~
      % docker scan guacamole/guacamole:1.3.0

      Testing guacamole/guacamole:1.3.0...

      ✗ Low severity vulnerability found in tar
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > tar@1.30+dfsg-6

      ✗ Low severity vulnerability found in tar
      Description: CVE-2005-2541
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > tar@1.30+dfsg-6

      ✗ Low severity vulnerability found in tar
      Description: NULL Pointer Dereference
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > tar@1.30+dfsg-6

      ✗ Low severity vulnerability found in systemd/libsystemd0
      Description: Authentication Bypass
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
      Introduced through: util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.2, util-linux/mount@2.33.1-0.1, procps@2:3.3.15-2, systemd/libudev1@241-7~deb10u5
      From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > systemd/libsystemd0@241-7~deb10u5
      From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      and 4 more...

      ✗ Low severity vulnerability found in systemd/libsystemd0
      Description: Link Following
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
      Introduced through: util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.2, util-linux/mount@2.33.1-0.1, procps@2:3.3.15-2, systemd/libudev1@241-7~deb10u5
      From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > systemd/libsystemd0@241-7~deb10u5
      From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      and 4 more...

      ✗ Low severity vulnerability found in systemd/libsystemd0
      Description: Missing Release of Resource after Effective Lifetime
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
      Introduced through: util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.2, util-linux/mount@2.33.1-0.1, procps@2:3.3.15-2, systemd/libudev1@241-7~deb10u5
      From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > systemd/libsystemd0@241-7~deb10u5
      From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      and 4 more...

      ✗ Low severity vulnerability found in systemd/libsystemd0
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-570991
      Introduced through: util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.2, util-linux/mount@2.33.1-0.1, procps@2:3.3.15-2, systemd/libudev1@241-7~deb10u5
      From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > systemd/libsystemd0@241-7~deb10u5
      From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      and 4 more...

      ✗ Low severity vulnerability found in sqlite3/libsqlite3-0
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-535712
      Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1

      ✗ Low severity vulnerability found in sqlite3/libsqlite3-0
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-565214
      Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1

      ✗ Low severity vulnerability found in shadow/passwd
      Description: Time-of-check Time-of-use (TOCTOU)
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2, gnupg2/dirmngr@2.2.12-1+deb10u1, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > shadow/passwd@1:4.5-1.1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > adduser@3.118 > shadow/passwd@1:4.5-1.1
      From: shadow/login@1:4.5-1.1
      and 1 more...

      ✗ Low severity vulnerability found in shadow/passwd
      Description: Incorrect Permission Assignment for Critical Resource
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2, gnupg2/dirmngr@2.2.12-1+deb10u1, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > shadow/passwd@1:4.5-1.1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > adduser@3.118 > shadow/passwd@1:4.5-1.1
      From: shadow/login@1:4.5-1.1
      and 1 more...

      ✗ Low severity vulnerability found in shadow/passwd
      Description: Access Restriction Bypass
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2, gnupg2/dirmngr@2.2.12-1+deb10u1, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > shadow/passwd@1:4.5-1.1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > adduser@3.118 > shadow/passwd@1:4.5-1.1
      From: shadow/login@1:4.5-1.1
      and 1 more...

      ✗ Low severity vulnerability found in shadow/passwd
      Description: Incorrect Permission Assignment for Critical Resource
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2, gnupg2/dirmngr@2.2.12-1+deb10u1, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > shadow/passwd@1:4.5-1.1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > adduser@3.118 > shadow/passwd@1:4.5-1.1
      From: shadow/login@1:4.5-1.1
      and 1 more...

      ✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Cryptographic Issues
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-306560
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Arbitrary Code Injection
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-306596
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Arbitrary Code Injection
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-474393
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Resource Exhaustion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-543815
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Resource Exhaustion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-546420
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Low severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-584372
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Low severity vulnerability found in python-defaults/libpython2-stdlib
      Description: Link Following
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHONDEFAULTS-269278
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/python2@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1
      and 5 more...

      ✗ Low severity vulnerability found in perl
      Description: Link Following
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
      Introduced through: git@1:2.20.1-2+deb10u3, meta-common-packages@meta
      From: git@1:2.20.1-2+deb10u3 > perl@5.28.1-6+deb10u1
      From: git@1:2.20.1-2+deb10u3 > liberror-perl@0.17027-2 > perl@5.28.1-6+deb10u1
      From: git@1:2.20.1-2+deb10u3 > perl@5.28.1-6+deb10u1 > perl/perl-modules-5.28@5.28.1-6+deb10u1
      and 3 more...

      ✗ Low severity vulnerability found in pcre3/libpcre3
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

      ✗ Low severity vulnerability found in pcre3/libpcre3
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

      ✗ Low severity vulnerability found in pcre3/libpcre3
      Description: Uncontrolled Recursion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

      ✗ Low severity vulnerability found in pcre3/libpcre3
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

      ✗ Low severity vulnerability found in pcre3/libpcre3
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

      ✗ Low severity vulnerability found in openssl/libssl1.1
      Description: Cryptographic Issues
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374709
      Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u4, openssh/openssh-client@1:7.9p1-10+deb10u2, ca-certificates@20200601~deb10u1, curl@7.64.0-4+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: openssl/libssl1.1@1.1.1d-0+deb10u4
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > openssl/libssl1.1@1.1.1d-0+deb10u4
      From: ca-certificates@20200601~deb10u1 > openssl@1.1.1d-0+deb10u4 > openssl/libssl1.1@1.1.1d-0+deb10u4
      and 6 more...

      ✗ Low severity vulnerability found in openssl/libssl1.1
      Description: Cryptographic Issues
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374996
      Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u4, openssh/openssh-client@1:7.9p1-10+deb10u2, ca-certificates@20200601~deb10u1, curl@7.64.0-4+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: openssl/libssl1.1@1.1.1d-0+deb10u4
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > openssl/libssl1.1@1.1.1d-0+deb10u4
      From: ca-certificates@20200601~deb10u1 > openssl@1.1.1d-0+deb10u4 > openssl/libssl1.1@1.1.1d-0+deb10u4
      and 6 more...

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-368617
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Access Restriction Bypass
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-368833
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-368925
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Improper Authentication
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-369016
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Inappropriate Encoding for Output Context
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-369020
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-472477
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-570880
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-574764
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openssh/openssh-client
      Description: OS Command Injection
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSH-590144
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2

      ✗ Low severity vulnerability found in openldap/libldap-common
      Description: Improper Initialization
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304601
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...

      ✗ Low severity vulnerability found in openldap/libldap-common
      Description: Cryptographic Issues
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304654
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...

      ✗ Low severity vulnerability found in openldap/libldap-common
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-304666
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...

      ✗ Low severity vulnerability found in openldap/libldap-common
      Description: Improper Certificate Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-584924
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...

      ✗ Low severity vulnerability found in nettle/libnettle6
      Description: CVE-2021-3580
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-NETTLE-1301269
      Introduced through: iputils/iputils-ping@3:20180629-2+deb10u1, wget@1.20.1-1.1, git@1:2.20.1-2+deb10u3, curl@7.64.0-4+deb10u1
      From: iputils/iputils-ping@3:20180629-2+deb10u1 > nettle/libnettle6@3.4.1-1
      From: wget@1.20.1-1.1 > nettle/libnettle6@3.4.1-1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1 > nettle/libnettle6@3.4.1-1
      and 5 more...

      ✗ Low severity vulnerability found in lz4/liblz4-1
      Description: Buffer Overflow
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
      Introduced through: apt@1.8.2.2, subversion@1.10.4-1+deb10u1, procps@2:3.3.15-2
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > lz4/liblz4-1@1.8.3-1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > lz4/liblz4-1@1.8.3-1
      From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u5 > lz4/liblz4-1@1.8.3-1

      ✗ Low severity vulnerability found in libtasn1-6
      Description: Resource Management Errors
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
      Introduced through: p11-kit@0.23.15-2, curl@7.64.0-4+deb10u1
      From: p11-kit@0.23.15-2 > libtasn1-6@4.13-3
      From: p11-kit@0.23.15-2 > p11-kit/p11-kit-modules@0.23.15-2 > libtasn1-6@4.13-3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > gnutls28/libgnutls30@3.6.7-4+deb10u5 > libtasn1-6@4.13-3

      ✗ Low severity vulnerability found in libssh2/libssh2-1
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSSH2-474372
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > libssh2/libssh2-1@1.8.0-2.1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1 > libssh2/libssh2-1@1.8.0-2.1

      ✗ Low severity vulnerability found in libseccomp/libseccomp2
      Description: Access Restriction Bypass
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
      Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.2
      From: libseccomp/libseccomp2@2.3.3-4
      From: apt@1.8.2.2 > libseccomp/libseccomp2@2.3.3-4

      ✗ Low severity vulnerability found in libpng1.6/libpng16-16
      Description: Resource Management Errors
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBPNG16-296440
      Introduced through: fontconfig@2.13.1-2
      From: fontconfig@2.13.1-2 > fontconfig/libfontconfig1@2.13.1-2 > freetype/libfreetype6@2.9.1-3+deb10u2 > libpng1.6/libpng16-16@1.6.36-6

      ✗ Low severity vulnerability found in libpng1.6/libpng16-16
      Description: Memory Leak
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBPNG16-296468
      Introduced through: fontconfig@2.13.1-2
      From: fontconfig@2.13.1-2 > fontconfig/libfontconfig1@2.13.1-2 > freetype/libfreetype6@2.9.1-3+deb10u2 > libpng1.6/libpng16-16@1.6.36-6

      ✗ Low severity vulnerability found in libpng1.6/libpng16-16
      Description: Out-of-bounds Write
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBPNG16-296471
      Introduced through: fontconfig@2.13.1-2
      From: fontconfig@2.13.1-2 > fontconfig/libfontconfig1@2.13.1-2 > freetype/libfreetype6@2.9.1-3+deb10u2 > libpng1.6/libpng16-16@1.6.36-6

      ✗ Low severity vulnerability found in libgcrypt20
      Description: Use of a Broken or Risky Cryptographic Algorithm
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
      Introduced through: gnupg2/dirmngr@2.2.12-1+deb10u1, gnupg2/gnupg@2.2.12-1+deb10u1, procps@2:3.3.15-2, curl@7.64.0-4+deb10u1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpgv@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnupg2/gpgconf@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      and 8 more...

      ✗ Low severity vulnerability found in krb5/libkrb5support0
      Description: CVE-2004-0971
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-395883
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3, openssh/openssh-client@1:7.9p1-10+deb10u2, subversion@1.10.4-1+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > krb5/libgssapi-krb5-2@1.17-3+deb10u1 > krb5/libkrb5support0@1.17-3+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > krb5/libgssapi-krb5-2@1.17-3+deb10u1 > krb5/libk5crypto3@1.17-3+deb10u1 > krb5/libkrb5support0@1.17-3+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > krb5/libgssapi-krb5-2@1.17-3+deb10u1 > krb5/libkrb5-3@1.17-3+deb10u1 > krb5/libkrb5support0@1.17-3+deb10u1
      and 11 more...

      ✗ Low severity vulnerability found in krb5/libkrb5support0
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-KRB5-395955
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3, openssh/openssh-client@1:7.9p1-10+deb10u2, subversion@1.10.4-1+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > krb5/libgssapi-krb5-2@1.17-3+deb10u1 > krb5/libkrb5support0@1.17-3+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > krb5/libgssapi-krb5-2@1.17-3+deb10u1 > krb5/libk5crypto3@1.17-3+deb10u1 > krb5/libkrb5support0@1.17-3+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > krb5/libgssapi-krb5-2@1.17-3+deb10u1 > krb5/libkrb5-3@1.17-3+deb10u1 > krb5/libkrb5support0@1.17-3+deb10u1
      and 11 more...

      ✗ Low severity vulnerability found in iptables/libxtables12
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPTABLES-287323
      Introduced through: iproute2@4.20.0-2
      From: iproute2@4.20.0-2 > iptables/libxtables12@1.8.2-4

      ✗ Low severity vulnerability found in iptables/libxtables12
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPTABLES-451768
      Introduced through: iproute2@4.20.0-2
      From: iproute2@4.20.0-2 > iptables/libxtables12@1.8.2-4

      ✗ Low severity vulnerability found in gnutls28/libgnutls30
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
      Introduced through: apt@1.8.2.2, gnupg2/dirmngr@2.2.12-1+deb10u1, wget@1.20.1-1.1, git@1:2.20.1-2+deb10u3, curl@7.64.0-4+deb10u1
      From: apt@1.8.2.2 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: wget@1.20.1-1.1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      and 3 more...

      ✗ Low severity vulnerability found in gnupg2/gpgv
      Description: Use of a Broken or Risky Cryptographic Algorithm
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
      Introduced through: apt@1.8.2.2, gnupg2/gnupg@2.2.12-1+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1
      From: apt@1.8.2.2 > gnupg2/gpgv@2.2.12-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpgv@2.2.12-1+deb10u1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnupg2/gpgconf@2.2.12-1+deb10u1
      and 18 more...

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Double Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1078993
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Uncontrolled Recursion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Uncontrolled Recursion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356371
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Resource Management Errors
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356671
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Resource Management Errors
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: CVE-2010-4051
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356875
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Access Restriction Bypass
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Use of Insufficiently Random Values
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-534995
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in glibc/libc-bin
      Description: Integer Underflow
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-564233
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Low severity vulnerability found in git/git-man
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GIT-340854
      Introduced through: git@1:2.20.1-2+deb10u3
      From: git@1:2.20.1-2+deb10u3 > git/git-man@1:2.20.1-2+deb10u3
      From: git@1:2.20.1-2+deb10u3

      ✗ Low severity vulnerability found in expat/libexpat1
      Description: XML External Entity (XXE) Injection
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-EXPAT-358079
      Introduced through: git@1:2.20.1-2+deb10u3, fontconfig@2.13.1-2, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: git@1:2.20.1-2+deb10u3 > expat/libexpat1@2.2.6-2+deb10u1
      From: fontconfig@2.13.1-2 > fontconfig/libfontconfig1@2.13.1-2 > expat/libexpat1@2.2.6-2+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > expat/libexpat1@2.2.6-2+deb10u1
      and 2 more...

      ✗ Low severity vulnerability found in curl/libcurl4
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-1049501
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ Low severity vulnerability found in curl/libcurl4
      Description: Authentication Bypass
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-1089958
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ Low severity vulnerability found in curl/libcurl4
      Description: CVE-2021-22898
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-1296892
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1

      ✗ Low severity vulnerability found in coreutils
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
      Introduced through: fontconfig@2.13.1-2
      From: fontconfig@2.13.1-2 > fontconfig/libfontconfig1@2.13.1-2 > fontconfig/fontconfig-config@2.13.1-2 > ucf@3.0038+nmu1 > coreutils@8.30-3

      ✗ Low severity vulnerability found in coreutils
      Description: Race Condition
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
      Introduced through: fontconfig@2.13.1-2
      From: fontconfig@2.13.1-2 > fontconfig/libfontconfig1@2.13.1-2 > fontconfig/fontconfig-config@2.13.1-2 > ucf@3.0038+nmu1 > coreutils@8.30-3

      ✗ Low severity vulnerability found in bash
      Description: Improper Check for Dropped Privileges
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
      Introduced through: bash@5.0-4
      From: bash@5.0-4

      ✗ Low severity vulnerability found in apt/libapt-pkg5.0
      Description: Improper Verification of Cryptographic Signature
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-APT-407502
      Introduced through: apt/libapt-pkg5.0@1.8.2.2, apt@1.8.2.2
      From: apt/libapt-pkg5.0@1.8.2.2
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2
      From: apt@1.8.2.2

      ✗ Medium severity vulnerability found in wget
      Description: Open Redirect
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-WGET-1277612
      Introduced through: wget@1.20.1-1.1
      From: wget@1.20.1-1.1

      ✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
      Description: Uncontrolled Recursion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537251
      Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1

      ✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
      Description: Improper Handling of Exceptional Conditions
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-539769
      Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1

      ✗ Medium severity vulnerability found in sqlite3/libsqlite3-0
      Description: CVE-2020-13631
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-570487
      Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1

      ✗ Medium severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: HTTP Request Smuggling
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-1085863
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ Medium severity vulnerability found in pcre3/libpcre3
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
      Introduced through: meta-common-packages@meta
      From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12

      ✗ Medium severity vulnerability found in p11-kit/libp11-kit0
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050832
      Introduced through: p11-kit@0.23.15-2, curl@7.64.0-4+deb10u1
      From: p11-kit@0.23.15-2 > p11-kit/libp11-kit0@0.23.15-2
      From: p11-kit@0.23.15-2 > p11-kit/p11-kit-modules@0.23.15-2 > p11-kit/libp11-kit0@0.23.15-2
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > gnutls28/libgnutls30@3.6.7-4+deb10u5 > p11-kit/libp11-kit0@0.23.15-2
      and 2 more...
      Fixed in: 0.23.15-2+deb10u1

      ✗ Medium severity vulnerability found in openssl/libssl1.1
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1075330
      Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u4, openssh/openssh-client@1:7.9p1-10+deb10u2, ca-certificates@20200601~deb10u1, curl@7.64.0-4+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: openssl/libssl1.1@1.1.1d-0+deb10u4
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > openssl/libssl1.1@1.1.1d-0+deb10u4
      From: ca-certificates@20200601~deb10u1 > openssl@1.1.1d-0+deb10u4 > openssl/libssl1.1@1.1.1d-0+deb10u4
      and 6 more...
      Fixed in: 1.1.1d-0+deb10u5

      ✗ Medium severity vulnerability found in openssl/libssl1.1
      Description: NULL Pointer Dereference
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1089177
      Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u4, openssh/openssh-client@1:7.9p1-10+deb10u2, ca-certificates@20200601~deb10u1, curl@7.64.0-4+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: openssl/libssl1.1@1.1.1d-0+deb10u4
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > openssl/libssl1.1@1.1.1d-0+deb10u4
      From: ca-certificates@20200601~deb10u1 > openssl@1.1.1d-0+deb10u4 > openssl/libssl1.1@1.1.1d-0+deb10u4
      and 6 more...
      Fixed in: 1.1.1d-0+deb10u6

      ✗ Medium severity vulnerability found in openssl/libssl1.1
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-536856
      Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u4, openssh/openssh-client@1:7.9p1-10+deb10u2, ca-certificates@20200601~deb10u1, curl@7.64.0-4+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: openssl/libssl1.1@1.1.1d-0+deb10u4
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > openssl/libssl1.1@1.1.1d-0+deb10u4
      From: ca-certificates@20200601~deb10u1 > openssl@1.1.1d-0+deb10u4 > openssl/libssl1.1@1.1.1d-0+deb10u4
      and 6 more...
      Fixed in: 1.1.1d-0+deb10u5

      ✗ Medium severity vulnerability found in libzstd/libzstd1
      Description: Incorrect Default Permissions
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBZSTD-1080893
      Introduced through: libzstd/libzstd1@1.3.8+dfsg-3, apt@1.8.2.2
      From: libzstd/libzstd1@1.3.8+dfsg-3
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > libzstd/libzstd1@1.3.8+dfsg-3
      Fixed in: 1.3.8+dfsg-3+deb10u1

      ✗ Medium severity vulnerability found in libzstd/libzstd1
      Description: Incorrect Default Permissions
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBZSTD-1080899
      Introduced through: libzstd/libzstd1@1.3.8+dfsg-3, apt@1.8.2.2
      From: libzstd/libzstd1@1.3.8+dfsg-3
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > libzstd/libzstd1@1.3.8+dfsg-3
      Fixed in: 1.3.8+dfsg-3+deb10u2

      ✗ Medium severity vulnerability found in libgcrypt20
      Description: Race Condition
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
      Introduced through: gnupg2/dirmngr@2.2.12-1+deb10u1, gnupg2/gnupg@2.2.12-1+deb10u1, procps@2:3.3.15-2, curl@7.64.0-4+deb10u1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpgv@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnupg2/gpgconf@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      and 8 more...

      ✗ Medium severity vulnerability found in iproute2
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-IPROUTE2-568742
      Introduced through: iproute2@4.20.0-2
      From: iproute2@4.20.0-2

      ✗ Medium severity vulnerability found in glibc/libc-bin
      Description: Loop with Unreachable Exit Condition ('Infinite Loop')
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1035462
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Medium severity vulnerability found in glibc/libc-bin
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1055403
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Medium severity vulnerability found in glibc/libc-bin
      Description: Out-of-Bounds
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559181
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ Medium severity vulnerability found in curl/libcurl4
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-1089952
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ High severity vulnerability found in systemd/libsystemd0
      Description: Privilege Chaining
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
      Introduced through: util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.2, util-linux/mount@2.33.1-0.1, procps@2:3.3.15-2, systemd/libudev1@241-7~deb10u5
      From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > systemd/libsystemd0@241-7~deb10u5
      From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      and 4 more...

      ✗ High severity vulnerability found in systemd/libsystemd0
      Description: Incorrect Privilege Assignment
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
      Introduced through: util-linux/bsdutils@1:2.33.1-0.1, apt@1.8.2.2, util-linux/mount@2.33.1-0.1, procps@2:3.3.15-2, systemd/libudev1@241-7~deb10u5
      From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > systemd/libsystemd0@241-7~deb10u5
      From: util-linux/mount@2.33.1-0.1 > util-linux@2.33.1-0.1 > systemd/libsystemd0@241-7~deb10u5
      and 4 more...

      ✗ High severity vulnerability found in subversion/libsvn1
      Description: NULL Pointer Dereference
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SUBVERSION-1071814
      Introduced through: subversion@1.10.4-1+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1
      From: subversion@1.10.4-1+deb10u1
      Fixed in: 1.10.4-1+deb10u2

      ✗ High severity vulnerability found in sqlite3/libsqlite3-0
      Description: CVE-2019-19603
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-SQLITE3-537598
      Introduced through: gnupg2/gnupg@2.2.12-1+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpg@2.2.12-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1 > sqlite3/libsqlite3-0@3.27.2-3+deb10u1

      ✗ High severity vulnerability found in python2.7/libpython2.7-stdlib
      Description: Buffer Overflow
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PYTHON27-1063178
      Introduced through: mercurial@4.8.2-1+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python2.7@2.7.16-2+deb10u1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      From: mercurial@4.8.2-1+deb10u1 > python-defaults/python@2.7.16-1 > python-defaults/libpython-stdlib@2.7.16-1 > python-defaults/libpython2-stdlib@2.7.16-1 > python2.7/libpython2.7-stdlib@2.7.16-2+deb10u1
      and 7 more...

      ✗ High severity vulnerability found in pcre2/libpcre2-8-0
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE2-548863
      Introduced through: git@1:2.20.1-2+deb10u3, wget@1.20.1-1.1
      From: git@1:2.20.1-2+deb10u3 > pcre2/libpcre2-8-0@10.32-5
      From: wget@1.20.1-1.1 > pcre2/libpcre2-8-0@10.32-5

      ✗ High severity vulnerability found in p11-kit/libp11-kit0
      Description: Out-of-bounds Write
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050833
      Introduced through: p11-kit@0.23.15-2, curl@7.64.0-4+deb10u1
      From: p11-kit@0.23.15-2 > p11-kit/libp11-kit0@0.23.15-2
      From: p11-kit@0.23.15-2 > p11-kit/p11-kit-modules@0.23.15-2 > p11-kit/libp11-kit0@0.23.15-2
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > gnutls28/libgnutls30@3.6.7-4+deb10u5 > p11-kit/libp11-kit0@0.23.15-2
      and 2 more...
      Fixed in: 0.23.15-2+deb10u1

      ✗ High severity vulnerability found in p11-kit/libp11-kit0
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-P11KIT-1050836
      Introduced through: p11-kit@0.23.15-2, curl@7.64.0-4+deb10u1
      From: p11-kit@0.23.15-2 > p11-kit/libp11-kit0@0.23.15-2
      From: p11-kit@0.23.15-2 > p11-kit/p11-kit-modules@0.23.15-2 > p11-kit/libp11-kit0@0.23.15-2
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > gnutls28/libgnutls30@3.6.7-4+deb10u5 > p11-kit/libp11-kit0@0.23.15-2
      and 2 more...
      Fixed in: 0.23.15-2+deb10u1

      ✗ High severity vulnerability found in openssl/libssl1.1
      Description: Integer Overflow or Wraparound
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-1075326
      Introduced through: openssl/libssl1.1@1.1.1d-0+deb10u4, openssh/openssh-client@1:7.9p1-10+deb10u2, ca-certificates@20200601~deb10u1, curl@7.64.0-4+deb10u1, subversion@1.10.4-1+deb10u1, mercurial@4.8.2-1+deb10u1
      From: openssl/libssl1.1@1.1.1d-0+deb10u4
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > openssl/libssl1.1@1.1.1d-0+deb10u4
      From: ca-certificates@20200601~deb10u1 > openssl@1.1.1d-0+deb10u4 > openssl/libssl1.1@1.1.1d-0+deb10u4
      and 6 more...
      Fixed in: 1.1.1d-0+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Reachable Assertion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064721
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064724
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Integer Underflow
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064726
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Release of Invalid Pointer or Reference
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064733
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Double Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064737
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Loop with Unreachable Exit Condition ('Infinite Loop')
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064742
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: CVE-2020-36226
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064744
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Integer Underflow
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064746
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Access of Resource Using Incompatible Type ('Type Confusion')
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064752
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Reachable Assertion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1064754
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u5

      ✗ High severity vulnerability found in openldap/libldap-common
      Description: Reachable Assertion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENLDAP-1074919
      Introduced through: curl@7.64.0-4+deb10u1, gnupg2/dirmngr@2.2.12-1+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4 > openldap/libldap-common@2.4.47+dfsg-3+deb10u4
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > openldap/libldap-2.4-2@2.4.47+dfsg-3+deb10u4
      and 1 more...
      Fixed in: 2.4.47+dfsg-3+deb10u6

      ✗ High severity vulnerability found in nettle/libnettle6
      Description: Use of a Broken or Risky Cryptographic Algorithm
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-NETTLE-1090205
      Introduced through: iputils/iputils-ping@3:20180629-2+deb10u1, wget@1.20.1-1.1, git@1:2.20.1-2+deb10u3, curl@7.64.0-4+deb10u1
      From: iputils/iputils-ping@3:20180629-2+deb10u1 > nettle/libnettle6@3.4.1-1
      From: wget@1.20.1-1.1 > nettle/libnettle6@3.4.1-1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1 > nettle/libnettle6@3.4.1-1
      and 5 more...

      ✗ High severity vulnerability found in lz4/liblz4-1
      Description: Out-of-bounds Write
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LZ4-1277601
      Introduced through: apt@1.8.2.2, subversion@1.10.4-1+deb10u1, procps@2:3.3.15-2
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > lz4/liblz4-1@1.8.3-1
      From: subversion@1.10.4-1+deb10u1 > subversion/libsvn1@1.10.4-1+deb10u1 > lz4/liblz4-1@1.8.3-1
      From: procps@2:3.3.15-2 > procps/libprocps7@2:3.3.15-2 > systemd/libsystemd0@241-7~deb10u5 > lz4/liblz4-1@1.8.3-1
      Fixed in: 1.8.3-1+deb10u1

      ✗ High severity vulnerability found in libssh2/libssh2-1
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSSH2-452460
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > libssh2/libssh2-1@1.8.0-2.1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1 > libssh2/libssh2-1@1.8.0-2.1

      ✗ High severity vulnerability found in libidn2/libidn2-0
      Description: Improper Input Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
      Introduced through: iputils/iputils-ping@3:20180629-2+deb10u1, wget@1.20.1-1.1, curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: iputils/iputils-ping@3:20180629-2+deb10u1 > libidn2/libidn2-0@2.0.5-1+deb10u1
      From: wget@1.20.1-1.1 > libidn2/libidn2-0@2.0.5-1+deb10u1
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1 > libidn2/libidn2-0@2.0.5-1+deb10u1
      and 3 more...

      ✗ High severity vulnerability found in libgcrypt20
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-1297893
      Introduced through: gnupg2/dirmngr@2.2.12-1+deb10u1, gnupg2/gnupg@2.2.12-1+deb10u1, procps@2:3.3.15-2, curl@7.64.0-4+deb10u1
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      From: gnupg2/gnupg@2.2.12-1+deb10u1 > gnupg2/gpgv@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnupg2/gpgconf@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5
      and 8 more...

      ✗ High severity vulnerability found in libbsd/libbsd0
      Description: Out-of-bounds Read
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBBSD-541041
      Introduced through: openssh/openssh-client@1:7.9p1-10+deb10u2
      From: openssh/openssh-client@1:7.9p1-10+deb10u2 > libedit/libedit2@3.1-20181209-1 > libbsd/libbsd0@0.9.1-2
      Fixed in: 0.9.1-2+deb10u1

      ✗ High severity vulnerability found in gnutls28/libgnutls30
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-1085094
      Introduced through: apt@1.8.2.2, gnupg2/dirmngr@2.2.12-1+deb10u1, wget@1.20.1-1.1, git@1:2.20.1-2+deb10u3, curl@7.64.0-4+deb10u1
      From: apt@1.8.2.2 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: wget@1.20.1-1.1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      and 3 more...

      ✗ High severity vulnerability found in gnutls28/libgnutls30
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-1085097
      Introduced through: apt@1.8.2.2, gnupg2/dirmngr@2.2.12-1+deb10u1, wget@1.20.1-1.1, git@1:2.20.1-2+deb10u3, curl@7.64.0-4+deb10u1
      From: apt@1.8.2.2 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: wget@1.20.1-1.1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      and 3 more...

      ✗ High severity vulnerability found in gnutls28/libgnutls30
      Description: Out-of-bounds Write
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-609778
      Introduced through: apt@1.8.2.2, gnupg2/dirmngr@2.2.12-1+deb10u1, wget@1.20.1-1.1, git@1:2.20.1-2+deb10u3, curl@7.64.0-4+deb10u1
      From: apt@1.8.2.2 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: gnupg2/dirmngr@2.2.12-1+deb10u1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      From: wget@1.20.1-1.1 > gnutls28/libgnutls30@3.6.7-4+deb10u5
      and 3 more...

      ✗ High severity vulnerability found in glibc/libc-bin
      Description: Reachable Assertion
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1065768
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ High severity vulnerability found in glibc/libc-bin
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1296899
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ High severity vulnerability found in glibc/libc-bin
      Description: Out-of-bounds Write
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ High severity vulnerability found in glibc/libc-bin
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559493
      Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
      From: glibc/libc-bin@2.28-10
      From: meta-common-packages@meta > glibc/libc6@2.28-10

      ✗ High severity vulnerability found in git/git-man
      Description: Link Following
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GIT-1083853
      Introduced through: git@1:2.20.1-2+deb10u3
      From: git@1:2.20.1-2+deb10u3 > git/git-man@1:2.20.1-2+deb10u3
      From: git@1:2.20.1-2+deb10u3

      ✗ High severity vulnerability found in gcc-8/libstdc++6
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
      Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.2, meta-common-packages@meta
      From: gcc-8/libstdc++6@8.3.0-6
      From: apt@1.8.2.2 > gcc-8/libstdc++6@8.3.0-6
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > gcc-8/libstdc++6@8.3.0-6
      and 2 more...

      ✗ High severity vulnerability found in gcc-8/libstdc++6
      Description: Insufficient Entropy
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
      Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.2, meta-common-packages@meta
      From: gcc-8/libstdc++6@8.3.0-6
      From: apt@1.8.2.2 > gcc-8/libstdc++6@8.3.0-6
      From: apt@1.8.2.2 > apt/libapt-pkg5.0@1.8.2.2 > gcc-8/libstdc++6@8.3.0-6
      and 2 more...

      ✗ High severity vulnerability found in curl/libcurl4
      Description: Out-of-bounds Write
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-1049502
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ High severity vulnerability found in curl/libcurl4
      Description: Improper Certificate Validation
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-1049506
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ High severity vulnerability found in curl/libcurl4
      Description: Arbitrary Code Injection
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-573151
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ High severity vulnerability found in curl/libcurl4
      Description: Information Exposure
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-573153
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

      ✗ High severity vulnerability found in curl/libcurl4
      Description: Use After Free
      Info: https://snyk.io/vuln/SNYK-DEBIAN10-CURL-608200
      Introduced through: curl@7.64.0-4+deb10u1, git@1:2.20.1-2+deb10u3
      From: curl@7.64.0-4+deb10u1 > curl/libcurl4@7.64.0-4+deb10u1
      From: curl@7.64.0-4+deb10u1
      From: git@1:2.20.1-2+deb10u3 > curl/libcurl3-gnutls@7.64.0-4+deb10u1
      Fixed in: 7.64.0-4+deb10u2

       

      Package manager: deb
      Project name: docker-image|guacamole/guacamole
      Docker image: guacamole/guacamole:1.3.0
      Platform: linux/amd64

      Tested 179 dependencies for known vulnerabilities, found 137 vulnerabilities.

      For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp

      tgates@MacBook-Pro ~

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tgates Tom Gates

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment