Merge pull request #43 from pascaliske/renovate/standard-changelog-6.x #124
Annotations
10 errors, 12 warnings, and 3 notices
Scan
CVE-2022-3094 - HIGH severity - bind: flooding with UPDATE requests may lead to DoS vulnerability in bind-libs
|
Scan
CVE-2022-3736 - HIGH severity - bind: sending specific queries to the resolver may cause a DoS vulnerability in bind-libs
|
Scan
CVE-2022-3924 - HIGH severity - bind: sending specific queries to the resolver may cause a DoS vulnerability in bind-libs
|
Scan
CVE-2023-3341 - HIGH severity - bind: stack exhaustion in control channel code may lead to DoS vulnerability in bind-libs
|
Scan
CVE-2023-4236 - HIGH severity - bind: an assertion failure may lead to DoS vulnerability in bind-libs
|
Scan
CVE-2023-4408 - HIGH severity - bind9: Parsing large DNS messages may cause excessive CPU load vulnerability in bind-libs
|
Scan
CVE-2023-50387 - HIGH severity - bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator vulnerability in bind-libs
|
Scan
CVE-2023-50868 - HIGH severity - bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources vulnerability in bind-libs
|
Scan
CVE-2023-5517 - HIGH severity - bind9: Querying RFC 1918 reverse zones may cause an assertion failure when “nxdomain-redirect” is enabled vulnerability in bind-libs
|
Scan
CVE-2023-5679 - HIGH severity - bind9: Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution vulnerability in bind-libs
|
Scan
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
Scan
CVE-2023-5680 - MEDIUM severity - bind9: Cleaning an ECS-enabled cache may cause excessive CPU load vulnerability in bind-libs
|
Scan
CVE-2023-5680 - MEDIUM severity - bind9: Cleaning an ECS-enabled cache may cause excessive CPU load vulnerability in bind-tools
|
Scan
CVE-2022-4203 - MEDIUM severity - openssl: read buffer overflow in X.509 certificate verification vulnerability in libcrypto3
|
Scan
CVE-2022-4304 - MEDIUM severity - openssl: timing attack in RSA Decryption implementation vulnerability in libcrypto3
|
Scan
CVE-2023-0465 - MEDIUM severity - openssl: Invalid certificate policies in leaf certificates are silently ignored vulnerability in libcrypto3
|
Scan
CVE-2023-0466 - MEDIUM severity - openssl: Certificate policy check not enabled vulnerability in libcrypto3
|
Scan
CVE-2023-1255 - MEDIUM severity - openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM vulnerability in libcrypto3
|
Scan
CVE-2023-2650 - MEDIUM severity - openssl: Possible DoS translating ASN.1 object identifiers vulnerability in libcrypto3
|
Scan
CVE-2023-2975 - MEDIUM severity - openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries vulnerability in libcrypto3
|
Scan
CVE-2023-3446 - MEDIUM severity - openssl: Excessive time spent checking DH keys and parameters vulnerability in libcrypto3
|
Build
The `set-output` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
|
Scan
CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in libcrypto3
|
Scan
CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in libssl3
|
Scan
CVE-2024-2511 - LOW severity - openssl: Unbounded memory growth with session handling in TLSv1.3 vulnerability in openssl
|