Added CVE Scan Action #220

Merged
ywarnecke merged 23 commits into v3.3.0 from cve-scanner-action
Nov 12, 2025

Conversation

@ywarnecke
Member

No description provided.

@ywarnecke ywarnecke self-assigned this Sep 18, 2025
@ywarnecke ywarnecke requested a review from storckmi as a code owner September 18, 2025 13:06
@github-actions

🔍 Trivy Vulnerability Scan Results:


@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
|---|---|---|---|---|
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

🔍 Trivy Vulnerability Scan Results:

For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://aquasecurity.github.io/trivy/v0.56/docs/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.

mopat-webapp-container:latest (ubuntu 24.04)
============================================
Total: 90 (UNKNOWN: 0, LOW: 29, MEDIUM: 61, HIGH: 0, CRITICAL: 0)

| Library | Vulnerability | Severity | Status | Installed Version | Fixed Version | Title |
|---|---|---|---|---|---|---|
| binutils | [CVE-2025-1147](https://avd.aquasec.com/nvd/cve-2025-1147) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils nm nm.c internal_strlen buffer overflow |
| binutils | [CVE-2025-1148](https://avd.aquasec.com/nvd/cve-2025-1148) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| binutils | [CVE-2025-3198](https://avd.aquasec.com/nvd/cve-2025-3198) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump bucomm.c display_info memory leak |
| binutils | [CVE-2025-5244](https://avd.aquasec.com/nvd/cve-2025-5244) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
| binutils | [CVE-2025-5245](https://avd.aquasec.com/nvd/cve-2025-5245) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption |
| binutils | [CVE-2025-7545](https://avd.aquasec.com/nvd/cve-2025-7545) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: Binutils: Heap Buffer Overflow |
| binutils | [CVE-2017-13716](https://avd.aquasec.com/nvd/cve-2017-13716) | LOW | affected | 2.42-4ubuntu2.5 | | binutils: Memory leak with the C++ symbol demangler routine in libiberty |
| binutils-common | [CVE-2025-1147](https://avd.aquasec.com/nvd/cve-2025-1147) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils nm nm.c internal_strlen buffer overflow |
| binutils-common | [CVE-2025-1148](https://avd.aquasec.com/nvd/cve-2025-1148) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| binutils-common | [CVE-2025-3198](https://avd.aquasec.com/nvd/cve-2025-3198) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump bucomm.c display_info memory leak |
| binutils-common | [CVE-2025-5244](https://avd.aquasec.com/nvd/cve-2025-5244) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
| binutils-common | [CVE-2025-5245](https://avd.aquasec.com/nvd/cve-2025-5245) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption |
| binutils-common | [CVE-2025-7545](https://avd.aquasec.com/nvd/cve-2025-7545) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: Binutils: Heap Buffer Overflow |
| binutils-common | [CVE-2017-13716](https://avd.aquasec.com/nvd/cve-2017-13716) | LOW | affected | 2.42-4ubuntu2.5 | | binutils: Memory leak with the C++ symbol demangler routine in libiberty |
| binutils-x86-64-linux-gnu | [CVE-2025-1147](https://avd.aquasec.com/nvd/cve-2025-1147) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils nm nm.c internal_strlen buffer overflow |
| binutils-x86-64-linux-gnu | [CVE-2025-1148](https://avd.aquasec.com/nvd/cve-2025-1148) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| binutils-x86-64-linux-gnu | [CVE-2025-3198](https://avd.aquasec.com/nvd/cve-2025-3198) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump bucomm.c display_info memory leak |
| binutils-x86-64-linux-gnu | [CVE-2025-5244](https://avd.aquasec.com/nvd/cve-2025-5244) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
| binutils-x86-64-linux-gnu | [CVE-2025-5245](https://avd.aquasec.com/nvd/cve-2025-5245) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption |
| binutils-x86-64-linux-gnu | [CVE-2025-7545](https://avd.aquasec.com/nvd/cve-2025-7545) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: Binutils: Heap Buffer Overflow |
| binutils-x86-64-linux-gnu | [CVE-2017-13716](https://avd.aquasec.com/nvd/cve-2017-13716) | LOW | affected | 2.42-4ubuntu2.5 | | binutils: Memory leak with the C++ symbol demangler routine in libiberty |
| coreutils | [CVE-2016-2781](https://avd.aquasec.com/nvd/cve-2016-2781) | LOW | affected | 9.4-3ubuntu6.1 | | coreutils: Non-privileged session can escape to the parent session in chroot |
| curl | [CVE-2025-0167](https://avd.aquasec.com/nvd/cve-2025-0167) | LOW | affected | 8.5.0-2ubuntu10.6 | | When asked to use a `.netrc` file for credentials **and** to follow... |
| curl | [CVE-2025-10148](https://avd.aquasec.com/nvd/cve-2025-10148) | LOW | affected | 8.5.0-2ubuntu10.6 | | curl: predictable WebSocket mask |
| curl | [CVE-2025-9086](https://avd.aquasec.com/nvd/cve-2025-9086) | LOW | affected | 8.5.0-2ubuntu10.6 | | curl: libcurl: Curl out of bounds read for cookie path |
| dirmngr | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gnupg | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gnupg-utils | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gpg | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gpg-agent | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gpgconf | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gpgsm | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| gpgv | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| keyboxd | [CVE-2022-3219](https://avd.aquasec.com/nvd/cve-2022-3219) | LOW | affected | 2.4.4-2ubuntu17.3 | | gnupg: denial of service issue (resource consumption) using compressed packets |
| libbinutils | [CVE-2025-1147](https://avd.aquasec.com/nvd/cve-2025-1147) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils nm nm.c internal_strlen buffer overflow |
| libbinutils | [CVE-2025-1148](https://avd.aquasec.com/nvd/cve-2025-1148) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| libbinutils | [CVE-2025-3198](https://avd.aquasec.com/nvd/cve-2025-3198) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump bucomm.c display_info memory leak |
| libbinutils | [CVE-2025-5244](https://avd.aquasec.com/nvd/cve-2025-5244) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
| libbinutils | [CVE-2025-5245](https://avd.aquasec.com/nvd/cve-2025-5245) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption |
| libbinutils | [CVE-2025-7545](https://avd.aquasec.com/nvd/cve-2025-7545) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: Binutils: Heap Buffer Overflow |
| libbinutils | [CVE-2017-13716](https://avd.aquasec.com/nvd/cve-2017-13716) | LOW | affected | 2.42-4ubuntu2.5 | | binutils: Memory leak with the C++ symbol demangler routine in libiberty |
| libc-bin | [CVE-2025-8058](https://avd.aquasec.com/nvd/cve-2025-8058) | MEDIUM | affected | 2.39-0ubuntu8.5 | | glibc: Double free in glibc |
| libc6 | [CVE-2025-8058](https://avd.aquasec.com/nvd/cve-2025-8058) | MEDIUM | affected | 2.39-0ubuntu8.5 | | glibc: Double free in glibc |
| libctf-nobfd0 | [CVE-2025-1147](https://avd.aquasec.com/nvd/cve-2025-1147) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils nm nm.c internal_strlen buffer overflow |
| libctf-nobfd0 | [CVE-2025-1148](https://avd.aquasec.com/nvd/cve-2025-1148) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| libctf-nobfd0 | [CVE-2025-3198](https://avd.aquasec.com/nvd/cve-2025-3198) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump bucomm.c display_info memory leak |
| libctf-nobfd0 | [CVE-2025-5244](https://avd.aquasec.com/nvd/cve-2025-5244) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption |
| libctf-nobfd0 | [CVE-2025-5245](https://avd.aquasec.com/nvd/cve-2025-5245) | MEDIUM | affected | 2.42-4ubuntu2.5 | | binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption |
| libctf-nobfd0 | CVE-2025-7545 | MEDIUM | affected | 2.42-4ubuntu2.5 | | |
│ binutils: Binutils: Heap Buffer Overflow                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │%0A│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │%0A│                           │                │          │          │                         │               │ in libiberty                                                 │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │%0A├───────────────────────────┼────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libctf0                   │ CVE-2025-1147  │ MEDIUM   │          │                         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │%0A│                           │                │          │          │                         │               │ overflow                                                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  
│%0A│                           │                │          │          │                         │               │ leak                                                         │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │%0A│                           │                │          │          │                         │               │ leak                                                         │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │%0A│                           │                │          │          │                         │               │ corruption                                                   │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-5245  │          │   
       │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │%0A│                           │                │          │          │                         │               │ memory corruption                                            │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │%0A│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │%0A│                           │                │          │          │                         │               │ in libiberty                                                 │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libcurl4t64               │ CVE-2025-0167  │          │          │ 8.5.0-2ubuntu10.6       │               │ When asked 
to use a `.netrc` file for credentials **and** to │%0A│                           │                │          │          │                         │               │ follow...                                                    │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-0167                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-10148 │          │          │                         │               │ curl: predictable WebSocket mask                             │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-10148                   │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-9086  │          │          │                         │               │ curl: libcurl: Curl out of bounds read for cookie path       │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-9086                    │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libgcrypt20               │ CVE-2024-2236  │          │          │ 1.10.3-2build1          │               │ libgcrypt: vulnerable to Marvin Attack                       │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-2236                    
│%0A├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libgprofng0               │ CVE-2025-1147  │ MEDIUM   │          │ 2.42-4ubuntu2.5         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │%0A│                           │                │          │          │                         │               │ overflow                                                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │%0A│                           │                │          │          │                         │               │ leak                                                         │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │%0A│                           │                │          │          │                         │               │ leak                                                         │%0A│                           │                │          │   
       │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │%0A│                           │                │          │          │                         │               │ corruption                                                   │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │%0A│                           │                │          │          │                         │               │ memory corruption                                            │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │%0A│                           │                │          │          │                         │               │ 
https://avd.aquasec.com/nvd/cve-2025-7545                    │%0A│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │%0A│                           │                │          │          │                         │               │ in libiberty                                                 │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │%0A├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libpam-modules            │ CVE-2024-10963 │ MEDIUM   │          │ 1.5.3-5ubuntu5.4        │               │ pam: Improper Hostname Interpretation in pam_access Leads to │%0A│                           │                │          │          │                         │               │ Access Control Bypass                                        │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    
│%0A├───────────────────────────┼────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libpam-modules-bin        │ CVE-2024-10963 │          │          │                         │               │ pam: Improper Hostname Interpretation in pam_access Leads to │%0A│                           │                │          │          │                         │               │ Access Control Bypass                                        │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │%0A├───────────────────────────┼────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libpam-runtime            │ CVE-2024-10963 │          │          │                         │               │ pam: Improper Hostname Interpretation in pam_access Leads to │%0A│                           │                │          │          │                         │               │ Access Control Bypass                                        │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │%0A│                           ├────────────────┤          │   
       │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │%0A├───────────────────────────┼────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libpam0g                  │ CVE-2024-10963 │          │          │                         │               │ pam: Improper Hostname Interpretation in pam_access Leads to │%0A│                           │                │          │          │                         │               │ Access Control Bypass                                        │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libsframe1                │ CVE-2025-1147  │          │          │ 2.42-4ubuntu2.5         │               │ binutils: 
GNU Binutils nm nm.c internal_strlen buffer        │%0A│                           │                │          │          │                         │               │ overflow                                                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │%0A│                           │                │          │          │                         │               │ leak                                                         │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │%0A│                           │                │          │          │                         │               │ leak                                                         │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│        
                   │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │%0A│                           │                │          │          │                         │               │ corruption                                                   │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │%0A│                           │                │          │          │                         │               │ memory corruption                                            │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │%0A│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │%0A│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                           │ CVE-2017-13716 │ LOW      │          │     
                    │               │ binutils: Memory leak with the C++ symbol demangler routine  │%0A│                           │                │          │          │                         │               │ in libiberty                                                 │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ libssl3t64                │ CVE-2024-41996 │          │          │ 3.0.13-0ubuntu3.5       │               │ openssl: remote attackers (from the client side) to trigger  │%0A│                           │                │          │          │                         │               │ unnecessarily expensive server-side...                       │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-41996                   │%0A├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ locales                   │ CVE-2025-8058  │ MEDIUM   │          │ 2.39-0ubuntu8.5         │               │ glibc: Double free in glibc                                  │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8058                    │%0A├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ login                     │ CVE-2024-56433 │ LOW      │          │ 1:4.13+dfsg1-4ubuntu3.2 │               │ shadow-utils: Default 
subordinate ID configuration in        │%0A│                           │                │          │          │                         │               │ /etc/login.defs could lead to compromise                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-56433                   │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ openssl                   │ CVE-2024-41996 │          │          │ 3.0.13-0ubuntu3.5       │               │ openssl: remote attackers (from the client side) to trigger  │%0A│                           │                │          │          │                         │               │ unnecessarily expensive server-side...                       │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-41996                   │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ passwd                    │ CVE-2024-56433 │          │          │ 1:4.13+dfsg1-4ubuntu3.2 │               │ shadow-utils: Default subordinate ID configuration in        │%0A│                           │                │          │          │                         │               │ /etc/login.defs could lead to compromise                     │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-56433                   │%0A├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ tar                
       │ CVE-2025-45582 │ MEDIUM   │          │ 1.35+dfsg-3build1       │               │ tar: Tar path traversal                                      │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-45582                   │%0A├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ wget                      │ CVE-2021-31879 │          │          │ 1.21.4-1ubuntu4.1       │               │ wget: authorization header disclosure on redirect            │%0A│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2021-31879                   │%0A└───────────────────────────┴────────────────┴──────────┴──────────┴─────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘%0A%0AJava (jar)%0A==========%0ATotal: 5 (UNKNOWN: 0, LOW: 0, MEDIUM: 5, HIGH: 0, CRITICAL: 0)%0A%0A┌────────────────────────────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐%0A│                  Library                   │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                            Title                             │%0A├────────────────────────────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ ca.uhn.hapi.fhir:hapi-fhir-base (ROOT.war) │ CVE-2019-12741 │ MEDIUM   │ fixed    │ 3.0.0             │ 3.8.0         │ Cross-site Scripting in HAPI FHIR                            │%0A│                                            │                │          │          │                   │               
│ https://avd.aquasec.com/nvd/cve-2019-12741                   │%0A├────────────────────────────────────────────┼────────────────┤          ├──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ commons-lang:commons-lang (ROOT.war)       │ CVE-2025-48924 │          │ affected │ 2.6               │               │ commons-lang/commons-lang: org.apache.commons/commons-lang3: │%0A│                                            │                │          │          │                   │               │ Uncontrolled Recursion vulnerability in Apache Commons Lang  │%0A│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-48924                   │%0A├────────────────────────────────────────────┼────────────────┤          ├──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤%0A│ org.bouncycastle:bcprov-jdk16 (ROOT.war)   │ CVE-2020-15522 │          │ fixed    │ 1.46              │ 1.66          │ bouncycastle: Timing issue within the EC math library        │%0A│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-15522                   │%0A│                                            ├────────────────┤          │          │                   ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                                            │ CVE-2020-26939 │          │          │                   │ 1.61          │ In Legion of the Bouncy Castle BC before 1.61 and BC-FJA     │%0A│                                            │                │          │          │                   │               │ before...                                                    
│%0A│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-26939                   │%0A│                                            ├────────────────┤          │          │                   ├───────────────┼──────────────────────────────────────────────────────────────┤%0A│                                            │ CVE-2023-33202 │          │          │                   │ 1.73          │ bc-java: Out of memory while parsing ASN.1 crafted data in   │%0A│                                            │                │          │          │                   │               │ org.bouncycastle.openssl.PEMParser class...                  │%0A│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-33202                   │%0A└────────────────────────────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

🔍 Trivy Vulnerability Scan Results:



mopat-webapp-container:latest (ubuntu 24.04)
============================================
Total: 90 (UNKNOWN: 0, LOW: 29, MEDIUM: 61, HIGH: 0, CRITICAL: 0)

┌───────────────────────────┬────────────────┬──────────┬──────────┬─────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│          Library          │ Vulnerability  │ Severity │  Status  │    Installed Version    │ Fixed Version │                            Title                             │
├───────────────────────────┼────────────────┼──────────┼──────────┼─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ binutils                  │ CVE-2025-1147  │ MEDIUM   │ affected │ 2.42-4ubuntu2.5         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│ binutils-common           │ CVE-2025-1147  │ MEDIUM   │          │                         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│ binutils-x86-64-linux-gnu │ CVE-2025-1147  │ MEDIUM   │          │                         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ coreutils                 │ CVE-2016-2781  │          │          │ 9.4-3ubuntu6.1          │               │ coreutils: Non-privileged session can escape to the parent   │
│                           │                │          │          │                         │               │ session in chroot                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2016-2781                    │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ curl                      │ CVE-2025-0167  │          │          │ 8.5.0-2ubuntu10.6       │               │ When asked to use a `.netrc` file for credentials **and** to │
│                           │                │          │          │                         │               │ follow...                                                    │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-0167                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-10148 │          │          │                         │               │ curl: predictable WebSocket mask                             │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-10148                   │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-9086  │          │          │                         │               │ curl: libcurl: Curl out of bounds read for cookie path       │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-9086                    │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ dirmngr                   │ CVE-2022-3219  │          │          │ 2.4.4-2ubuntu17.3       │               │ gnupg: denial of service issue (resource consumption) using  │
│                           │                │          │          │                         │               │ compressed packets                                           │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2022-3219                    │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gnupg                     │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gnupg-utils               │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gpg                       │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gpg-agent                 │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gpgconf                   │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gpgsm                     │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ gpgv                      │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ keyboxd                   │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libbinutils               │ CVE-2025-1147  │ MEDIUM   │          │ 2.42-4ubuntu2.5         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libc-bin                  │ CVE-2025-8058  │ MEDIUM   │          │ 2.39-0ubuntu8.5         │               │ glibc: Double free in glibc                                  │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8058                    │
├───────────────────────────┤                │          │          │                         ├───────────────┤                                                              │
│ libc6                     │                │          │          │                         │               │                                                              │
│                           │                │          │          │                         │               │                                                              │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libctf-nobfd0             │ CVE-2025-1147  │          │          │ 2.42-4ubuntu2.5         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│ libctf0                   │ CVE-2025-1147  │ MEDIUM   │          │                         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libcurl4t64               │ CVE-2025-0167  │          │          │ 8.5.0-2ubuntu10.6       │               │ When asked to use a `.netrc` file for credentials **and** to │
│                           │                │          │          │                         │               │ follow...                                                    │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-0167                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-10148 │          │          │                         │               │ curl: predictable WebSocket mask                             │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-10148                   │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-9086  │          │          │                         │               │ curl: libcurl: Curl out of bounds read for cookie path       │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-9086                    │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgcrypt20               │ CVE-2024-2236  │          │          │ 1.10.3-2build1          │               │ libgcrypt: vulnerable to Marvin Attack                       │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-2236                    │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgprofng0               │ CVE-2025-1147  │ MEDIUM   │          │ 2.42-4ubuntu2.5         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libpam-modules            │ CVE-2024-10963 │ MEDIUM   │          │ 1.5.3-5ubuntu5.4        │               │ pam: Improper Hostname Interpretation in pam_access Leads to │
│                           │                │          │          │                         │               │ Access Control Bypass                                        │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │
├───────────────────────────┼────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│ libpam-modules-bin        │ CVE-2024-10963 │          │          │                         │               │ pam: Improper Hostname Interpretation in pam_access Leads to │
│                           │                │          │          │                         │               │ Access Control Bypass                                        │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │
├───────────────────────────┼────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│ libpam-runtime            │ CVE-2024-10963 │          │          │                         │               │ pam: Improper Hostname Interpretation in pam_access Leads to │
│                           │                │          │          │                         │               │ Access Control Bypass                                        │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │
├───────────────────────────┼────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│ libpam0g                  │ CVE-2024-10963 │          │          │                         │               │ pam: Improper Hostname Interpretation in pam_access Leads to │
│                           │                │          │          │                         │               │ Access Control Bypass                                        │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-10963                   │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-8941  │          │          │                         │               │ linux-pam: Incomplete fix for CVE-2025-6020                  │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8941                    │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libsframe1                │ CVE-2025-1147  │          │          │ 2.42-4ubuntu2.5         │               │ binutils: GNU Binutils nm nm.c internal_strlen buffer        │
│                           │                │          │          │                         │               │ overflow                                                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1147                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-1148  │          │          │                         │               │ binutils: GNU Binutils ld ldelfgen.c link_order_scan memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-1148                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-3198  │          │          │                         │               │ binutils: GNU Binutils objdump bucomm.c display_info memory  │
│                           │                │          │          │                         │               │ leak                                                         │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-3198                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5244  │          │          │                         │               │ binutils: GNU Binutils ld elflink.c elf_gc_sweep memory      │
│                           │                │          │          │                         │               │ corruption                                                   │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5244                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-5245  │          │          │                         │               │ binutils: GNU Binutils objdump debug.c debug_type_samep      │
│                           │                │          │          │                         │               │ memory corruption                                            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-5245                    │
│                           ├────────────────┤          │          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2025-7545  │          │          │                         │               │ binutils: Binutils: Heap Buffer Overflow                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-7545                    │
│                           ├────────────────┼──────────┤          │                         ├───────────────┼──────────────────────────────────────────────────────────────┤
│                           │ CVE-2017-13716 │ LOW      │          │                         │               │ binutils: Memory leak with the C++ symbol demangler routine  │
│                           │                │          │          │                         │               │ in libiberty                                                 │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2017-13716                   │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libssl3t64                │ CVE-2024-41996 │          │          │ 3.0.13-0ubuntu3.5       │               │ openssl: remote attackers (from the client side) to trigger  │
│                           │                │          │          │                         │               │ unnecessarily expensive server-side...                       │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-41996                   │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ locales                   │ CVE-2025-8058  │ MEDIUM   │          │ 2.39-0ubuntu8.5         │               │ glibc: Double free in glibc                                  │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-8058                    │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ login                     │ CVE-2024-56433 │ LOW      │          │ 1:4.13+dfsg1-4ubuntu3.2 │               │ shadow-utils: Default subordinate ID configuration in        │
│                           │                │          │          │                         │               │ /etc/login.defs could lead to compromise                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-56433                   │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ openssl                   │ CVE-2024-41996 │          │          │ 3.0.13-0ubuntu3.5       │               │ openssl: remote attackers (from the client side) to trigger  │
│                           │                │          │          │                         │               │ unnecessarily expensive server-side...                       │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-41996                   │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ passwd                    │ CVE-2024-56433 │          │          │ 1:4.13+dfsg1-4ubuntu3.2 │               │ shadow-utils: Default subordinate ID configuration in        │
│                           │                │          │          │                         │               │ /etc/login.defs could lead to compromise                     │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2024-56433                   │
├───────────────────────────┼────────────────┼──────────┤          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ tar                       │ CVE-2025-45582 │ MEDIUM   │          │ 1.35+dfsg-3build1       │               │ tar: Tar path traversal                                      │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2025-45582                   │
├───────────────────────────┼────────────────┤          │          ├─────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ wget                      │ CVE-2021-31879 │          │          │ 1.21.4-1ubuntu4.1       │               │ wget: authorization header disclosure on redirect            │
│                           │                │          │          │                         │               │ https://avd.aquasec.com/nvd/cve-2021-31879                   │
└───────────────────────────┴────────────────┴──────────┴──────────┴─────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

Java (jar)
==========
Total: 5 (UNKNOWN: 0, LOW: 0, MEDIUM: 5, HIGH: 0, CRITICAL: 0)

┌────────────────────────────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│                  Library                   │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                            Title                             │
├────────────────────────────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ ca.uhn.hapi.fhir:hapi-fhir-base (ROOT.war) │ CVE-2019-12741 │ MEDIUM   │ fixed    │ 3.0.0             │ 3.8.0         │ Cross-site Scripting in HAPI FHIR                            │
│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2019-12741                   │
├────────────────────────────────────────────┼────────────────┤          ├──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ commons-lang:commons-lang (ROOT.war)       │ CVE-2025-48924 │          │ affected │ 2.6               │               │ commons-lang/commons-lang: org.apache.commons/commons-lang3: │
│                                            │                │          │          │                   │               │ Uncontrolled Recursion vulnerability in Apache Commons Lang  │
│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2025-48924                   │
├────────────────────────────────────────────┼────────────────┤          ├──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ org.bouncycastle:bcprov-jdk16 (ROOT.war)   │ CVE-2020-15522 │          │ fixed    │ 1.46              │ 1.66          │ bouncycastle: Timing issue within the EC math library        │
│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-15522                   │
│                                            ├────────────────┤          │          │                   ├───────────────┼──────────────────────────────────────────────────────────────┤
│                                            │ CVE-2020-26939 │          │          │                   │ 1.61          │ In Legion of the Bouncy Castle BC before 1.61 and BC-FJA     │
│                                            │                │          │          │                   │               │ before...                                                    │
│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2020-26939                   │
│                                            ├────────────────┤          │          │                   ├───────────────┼──────────────────────────────────────────────────────────────┤
│                                            │ CVE-2023-33202 │          │          │                   │ 1.73          │ bc-java: Out of memory while parsing ASN.1 crafted data in   │
│                                            │                │          │          │                   │               │ org.bouncycastle.openssl.PEMParser class...                  │
│                                            │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-33202                   │
└────────────────────────────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

🔍 Trivy Vulnerability Scan Results

Severity Vulnerability ID Package Version Fixed Version Description
MEDIUM CVE-2025-1147 binutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 binutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 binutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 binutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 binutils 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 binutils 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 binutils 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 binutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 binutils 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 binutils-common 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 binutils-common 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 binutils-common 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 binutils-common 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 binutils-common 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 binutils-common 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 binutils-common 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 binutils-common 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 binutils-common 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
LOW CVE-2016-2781 coreutils 9.4-3ubuntu6.1 - chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
LOW CVE-2025-0167 curl 8.5.0-2ubuntu10.6 - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
LOW CVE-2025-10148 curl 8.5.0-2ubuntu10.6 - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
LOW CVE-2025-9086 curl 8.5.0-2ubuntu10.6 - 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path='/'). Since this site is not secure, the cookie should just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
LOW CVE-2022-3219 dirmngr 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gnupg 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gnupg-utils 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpg 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpg-agent 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpgconf 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpgsm 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpgv 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 keyboxd 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
MEDIUM CVE-2025-1147 libbinutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libbinutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libbinutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libbinutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libbinutils 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libbinutils 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libbinutils 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libbinutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libbinutils 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libctf-nobfd0 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 libctf0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libctf0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libctf0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libctf0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libctf0 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libctf0 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libctf0 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libctf0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libctf0 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
LOW CVE-2025-0167 libcurl4t64 8.5.0-2ubuntu10.6 - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
LOW CVE-2025-10148 libcurl4t64 8.5.0-2ubuntu10.6 - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
LOW CVE-2025-9086 libcurl4t64 8.5.0-2ubuntu10.6 - 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path='/'). Since this site is not secure, the cookie should just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
LOW CVE-2024-2236 libgcrypt20 1.10.3-2build1 - A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
MEDIUM CVE-2025-1147 libgprofng0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libgprofng0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libgprofng0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libgprofng0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libgprofng0 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libgprofng0 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libgprofng0 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libgprofng0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libgprofng0 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-8941 libpam-modules 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-8941 libpam-modules-bin 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-8941 libpam-runtime 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-8941 libpam0g 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-1147 libsframe1 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libsframe1 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libsframe1 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libsframe1 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libsframe1 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libsframe1 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libsframe1 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libsframe1 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libsframe1 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
LOW CVE-2024-41996 libssl3t64 3.0.13-0ubuntu3.6 - Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
LOW CVE-2024-56433 login 1:4.13+dfsg1-4ubuntu3.2 - shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
LOW CVE-2024-41996 openssl 3.0.13-0ubuntu3.6 - Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
LOW CVE-2024-56433 passwd 1:4.13+dfsg1-4ubuntu3.2 - shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
MEDIUM CVE-2025-45582 tar 1.35+dfsg-3build1 - GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
MEDIUM CVE-2021-31879 wget 1.21.4-1ubuntu4.1 - GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
MEDIUM CVE-2019-12741 ca.uhn.hapi.fhir:hapi-fhir-base 3.0.0 3.8.0 XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)
MEDIUM CVE-2025-48924 commons-lang:commons-lang 2.6 - Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
MEDIUM CVE-2020-15522 org.bouncycastle:bcprov-jdk16 1.46 1.66 Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
MEDIUM CVE-2020-26939 org.bouncycastle:bcprov-jdk16 1.46 1.61 In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
MEDIUM CVE-2023-33202 org.bouncycastle:bcprov-jdk16 1.46 1.73 Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
|---|---|---|---|---|
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

🔍 Trivy Vulnerability Scan Results

Severity Vulnerability ID Package Version Fixed Version Description
MEDIUM CVE-2025-1147 binutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 binutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 binutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 binutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 binutils 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 binutils 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 binutils 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 binutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 binutils 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 binutils-common 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 binutils-common 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 binutils-common 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 binutils-common 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 binutils-common 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 binutils-common 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 binutils-common 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 binutils-common 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 binutils-common 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 binutils-x86-64-linux-gnu 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
LOW CVE-2016-2781 coreutils 9.4-3ubuntu6.1 - chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
LOW CVE-2025-0167 curl 8.5.0-2ubuntu10.6 - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
LOW CVE-2025-10148 curl 8.5.0-2ubuntu10.6 - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
LOW CVE-2025-9086 curl 8.5.0-2ubuntu10.6 - 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path='/'). Since this site is not secure, the cookie should just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary. The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
LOW CVE-2022-3219 dirmngr 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gnupg 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gnupg-utils 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpg 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpg-agent 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpgconf 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpgsm 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 gpgv 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
LOW CVE-2022-3219 keyboxd 2.4.4-2ubuntu17.3 - GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.
MEDIUM CVE-2025-1147 libbinutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libbinutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libbinutils 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libbinutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libbinutils 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libbinutils 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libbinutils 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libbinutils 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libbinutils 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libctf-nobfd0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libctf-nobfd0 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-1147 libctf0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libctf0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libctf0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libctf0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libctf0 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libctf0 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libctf0 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libctf0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libctf0 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
LOW CVE-2025-0167 libcurl4t64 8.5.0-2ubuntu10.6 - When asked to use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a default entry that omits both login and password. A rare circumstance.
LOW CVE-2025-10148 libcurl4t64 8.5.0-2ubuntu10.6 - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.
LOW CVE-2025-9086 libcurl4t64 8.5.0-2ubuntu10.6 - 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target (same hostname, but using clear text HTTP) using the same cookie set 3. The same cookie name is set - but with just a slash as path (path='/'). Since this site is not secure, the cookie should just be ignored. 4. A bug in the path comparison logic makes curl read outside a heap buffer boundary. The bug either causes a crash or it potentially makes the comparison come to the wrong conclusion and lets the clear-text site override the contents of the secure cookie, contrary to expectations and depending on the memory contents immediately following the single-byte allocation that holds the path. The presumed and correct behavior would be to plainly ignore the second set of the cookie since it was already set as secure on a secure host so overriding it on an insecure host should not be okay.
LOW CVE-2024-2236 libgcrypt20 1.10.3-2build1 - A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
MEDIUM CVE-2025-1147 libgprofng0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libgprofng0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libgprofng0 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libgprofng0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libgprofng0 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libgprofng0 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libgprofng0 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libgprofng0 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libgprofng0 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
MEDIUM CVE-2025-8941 libpam-modules 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-8941 libpam-modules-bin 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-8941 libpam-runtime 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-8941 libpam0g 1.5.3-5ubuntu5.5 - A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
MEDIUM CVE-2025-1147 libsframe1 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
MEDIUM CVE-2025-1148 libsframe1 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
MEDIUM CVE-2025-3198 libsframe1 2.42-4ubuntu2.5 - A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-5244 libsframe1 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
MEDIUM CVE-2025-5245 libsframe1 2.42-4ubuntu2.5 - A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7545 libsframe1 2.42-4ubuntu2.5 - A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-7546 libsframe1 2.42-4ubuntu2.5 - A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
MEDIUM CVE-2025-8225 libsframe1 2.42-4ubuntu2.5 - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
LOW CVE-2017-13716 libsframe1 2.42-4ubuntu2.5 - The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).
LOW CVE-2024-41996 libssl3t64 3.0.13-0ubuntu3.6 - Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
LOW CVE-2024-56433 login 1:4.13+dfsg1-4ubuntu3.2 - shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
LOW CVE-2024-41996 openssl 3.0.13-0ubuntu3.6 - Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
LOW CVE-2024-56433 passwd 1:4.13+dfsg1-4ubuntu3.2 - shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.
MEDIUM CVE-2025-45582 tar 1.35+dfsg-3build1 - GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
MEDIUM CVE-2021-31879 wget 1.21.4-1ubuntu4.1 - GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
MEDIUM CVE-2019-12741 ca.uhn.hapi.fhir:hapi-fhir-base 3.0.0 3.8.0 XSS exists in the HAPI FHIR testpage overlay module of the HAPI FHIR library before 3.8.0. The attack involves unsanitized HTTP parameters being output in a form page, allowing attackers to leak cookies and other sensitive information from ca/uhn/fhir/to/BaseController.java via a specially crafted URL. (This module is not generally used in production systems so the attack surface is expected to be low, but affected systems are recommended to upgrade immediately.)
MEDIUM CVE-2025-48924 commons-lang:commons-lang 2.6 - Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0. The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop. Users are recommended to upgrade to version 3.18.0, which fixes the issue.
MEDIUM CVE-2020-15522 org.bouncycastle:bcprov-jdk16 1.46 1.66 Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
MEDIUM CVE-2020-26939 org.bouncycastle:bcprov-jdk16 1.46 1.61 In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
MEDIUM CVE-2023-33202 org.bouncycastle:bcprov-jdk16 1.46 1.73 Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

@github-actions

Test Results:

Tests Passed ✅ Skipped ⚠️ Failed
JUnit Test Report 1010 ran 1000 passed 10 skipped 0 failed

@github-actions

🔍 Trivy Vulnerability Scan Results

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

@github-actions

Test Results:

Tests Passed ✅ Skipped ⚠️ Failed
JUnit Test Report 1010 ran 1000 passed 10 skipped 0 failed

@github-actions

🔍 Trivy Vulnerability Scan Results

🐳 Base Image (Ubuntu Noble) Vulnerabilities


☕️ Application / Library (Tomcat & Java) Vulnerabilities

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

@github-actions

🔍 Trivy Vulnerability Scan Results

🐳 Base Image (Ubuntu) Vulnerabilities


☕️ Application / Library Vulnerabilities

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

@github-actions

Test Results:

Tests Passed ✅ Skipped ⚠️ Failed
JUnit Test Report 1010 ran 1000 passed 10 skipped 0 failed

@github-actions

🔍 Trivy Vulnerability Scan Results

🐳 Base Image (Ubuntu) Vulnerabilities

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

☕️ Application / Library Vulnerabilities

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

🔍 Trivy Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@ywarnecke ywarnecke changed the base branch from main to v3.3.0 October 14, 2025 13:02
@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 396.920s

@github-actions

Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 397.104s

@github-actions

🔍 Trivy Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

@github-actions

Test Results:

| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

Unit Test Results
| | Tests | Passed ✅ | Skipped ⚠️ | Failed |
| JUnit Test Report | 1010 ran | 1000 passed | 10 skipped | 0 failed |

@github-actions

🔍 Trivy Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

@github-actions

Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 394.557s

@github-actions

Test Results

Unit Test Results
Tests Passed ✅ Skipped ⚠️ Failed
JUnit Test Report 1010 ran 1000 passed 10 skipped 0 failed

Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 405.704s

Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@github-actions

Test Results

Unit Test Results
Tests Passed ✅ Skipped ⚠️ Failed
JUnit Test Report 1010 ran 1000 passed 10 skipped 0 failed

Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 397.098s

Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -

☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@github-actions

Test Results

🧪 Unit Test Results
Tests Passed ✅ Skipped ⚠️ Failed
JUnit Test Report 1010 ran 1000 passed 10 skipped 0 failed

🌐 Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 402.090s

Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -
☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@github-actions
Test Results

🧪 Unit Test Results
Tests | Passed ✅ | Skipped ⚠️ | Failed
JUnit Test Report: 1010 ran | 1000 passed | 10 skipped | 0 failed

🌐 Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 396.715s

Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.5 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.5 -
LOW CVE-2017-13716 2.42-4ubuntu2.5 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -
☕️ Application / Library Vulnerabilities: 5 vulnerabilities found, 4 with fixes

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@github-actions
Test Results

🧪 Unit Test Results
Tests | Passed ✅ | Skipped ⚠️ | Failed
JUnit Test Report: 1010 ran | 1000 passed | 10 skipped | 0 failed

🌐 Selenium Test Results

Running Test: test_admin_interface_conditions

Successfully ran Test without Errors

Running Test: test_admin_interface_index

Successfully ran Test without Errors

Running Test: test_admin_interface_login

Successfully ran Test without Errors

Running Test: test_admin_interface_questionnaire_question_types_score

Successfully ran Test without Errors

Running Test: test_bundle_fill

Successfully ran Test without Errors

Running Test: test_bundle_list

Successfully ran Test without Errors

Running Test: test_clinic_fill

Successfully ran Test without Errors

Running Test: test_clinic_list

Successfully ran Test without Errors

Running Test: test_configuration_edit

Successfully ran Test without Errors

Running Test: test_encounter_list

Successfully ran Test without Errors

Running Test: test_encounter_schedule

Successfully ran Test without Errors

Running Test: test_git_info

Successfully ran Test without Errors

Running Test: test_invitation_edit

Successfully ran Test without Errors

Running Test: test_invitation_list

Successfully ran Test without Errors

Running Test: test_login_admin

Successfully ran Test without Errors

Running Test: test_mobile_encounter_interface_test

Successfully ran Test without Errors

Running Test: test_one_time_statistic

Successfully ran Test without Errors

Running Test: test_questionnaire_export_automatic_mapping

Successfully ran Test without Errors

Running Test: test_user_list

Successfully ran Test without Errors

Running Test: test_user_mail_to_all

Successfully ran Test without Errors

Test Summary

Total Tests Run: 20

Successful Tests (20/20):

  • test_admin_interface_conditions (__main__.CustomChromeTest.test_admin_interface_conditions)
  • test_admin_interface_index (__main__.CustomChromeTest.test_admin_interface_index)
  • test_admin_interface_login (__main__.CustomChromeTest.test_admin_interface_login)
  • test_admin_interface_questionnaire_question_types_score (__main__.CustomChromeTest.test_admin_interface_questionnaire_question_types_score)
  • test_bundle_fill (__main__.CustomChromeTest.test_bundle_fill)
  • test_bundle_list (__main__.CustomChromeTest.test_bundle_list)
  • test_clinic_fill (__main__.CustomChromeTest.test_clinic_fill)
  • test_clinic_list (__main__.CustomChromeTest.test_clinic_list)
  • test_configuration_edit (__main__.CustomChromeTest.test_configuration_edit)
  • test_encounter_list (__main__.CustomChromeTest.test_encounter_list)
  • test_encounter_schedule (__main__.CustomChromeTest.test_encounter_schedule)
  • test_git_info (__main__.CustomChromeTest.test_git_info)
  • test_invitation_edit (__main__.CustomChromeTest.test_invitation_edit)
  • test_invitation_list (__main__.CustomChromeTest.test_invitation_list)
  • test_login_admin (__main__.CustomChromeTest.test_login_admin)
  • test_mobile_encounter_interface_test (__main__.CustomChromeTest.test_mobile_encounter_interface_test)
  • test_one_time_statistic (__main__.CustomChromeTest.test_one_time_statistic)
  • test_questionnaire_export_automatic_mapping (__main__.CustomChromeTest.test_questionnaire_export_automatic_mapping)
  • test_user_list (__main__.CustomChromeTest.test_user_list)
  • test_user_mail_to_all (__main__.CustomChromeTest.test_user_mail_to_all)

Failed Tests (0/20):
None

Errored Tests (0/20):
None


Time Taken: 401.260s

Vulnerability Scan Results

🐳 Base Image Vulnerabilities: 99 vulnerabilities found, 0 with fixes

📦 Package: ["binutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["binutils-common"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["binutils-x86-64-linux-gnu"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["coreutils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2016-2781 9.4-3ubuntu6.1 -

📦 Package: ["curl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["dirmngr"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gnupg-utils"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpg-agent"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgconf"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgsm"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["gpgv"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["keyboxd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2022-3219 2.4.4-2ubuntu17.3 -

📦 Package: ["libbinutils"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["libctf-nobfd0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["libctf0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["libcurl4t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2025-0167 8.5.0-2ubuntu10.6 -
LOW CVE-2025-10148 8.5.0-2ubuntu10.6 -
LOW CVE-2025-9086 8.5.0-2ubuntu10.6 -

📦 Package: ["libgcrypt20"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-2236 1.10.3-2build1 -

📦 Package: ["libgprofng0"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["libpam-modules"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-modules-bin"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam-runtime"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libpam0g"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-8941 1.5.3-5ubuntu5.5 -

📦 Package: ["libsframe1"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-1147 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-1148 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-3198 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5244 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-5245 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7545 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-7546 2.42-4ubuntu2.6 -
MEDIUM CVE-2025-8225 2.42-4ubuntu2.6 -
LOW CVE-2017-13716 2.42-4ubuntu2.6 -

📦 Package: ["libssl3t64"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["login"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["openssl"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-41996 3.0.13-0ubuntu3.6 -

📦 Package: ["passwd"]

Severity Vulnerability ID Installed Version Fixed Version
LOW CVE-2024-56433 1:4.13+dfsg1-4ubuntu3.2 -

📦 Package: ["tar"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-45582 1.35+dfsg-3build1 -

📦 Package: ["wget"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2021-31879 1.21.4-1ubuntu4.1 -
☕️ Application / Library Vulnerabilities: 6 vulnerabilities found, 5 with fixes

📦 Package: ["ca.uhn.hapi.fhir:hapi-fhir-base"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2019-12741 3.0.0 3.8.0

📦 Package: ["ch.qos.logback:logback-core"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-11226 1.5.18 1.5.19, 1.3.16

📦 Package: ["commons-lang:commons-lang"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2025-48924 2.6 -

📦 Package: ["org.bouncycastle:bcprov-jdk16"]

Severity Vulnerability ID Installed Version Fixed Version
MEDIUM CVE-2020-15522 1.46 1.66
MEDIUM CVE-2020-26939 1.46 1.61
MEDIUM CVE-2023-33202 1.46 1.73

@ywarnecke ywarnecke merged commit b3e7ec0 into v3.3.0 Nov 12, 2025
5 checks passed