chore: update gh actions to use docker scout

[cp-fabian-pittroff]

No description provided.

[github-actions]

🔍 Vulnerabilities of registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging

📦 Image Reference registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging

digest	sha256:56c36c67efcef36f81f10867d7bdb7a3aeff81054ca1ec6b9e817a4d7af9a987
vulnerabilities
size	1.1 GB
packages	918

📦 Base Image steamcmd/steamcmd:latest

also known as	ubuntu ubuntu-24 ubuntu-noble
digest	sha256:aa8c4ba74cc0bde31331bb73bc77ad76619109f34d0627f84b71e3560ec0d134
vulnerabilities

stdlib 1.22.2 (golang) pkg:golang/[email protected] Affected range >=1.22.0-0 <1.22.4 Fixed version 1.22.4 EPSS Score 0.06% EPSS Percentile 28th percentile Description The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.5 Fixed version 1.22.5 EPSS Score 0.04% EPSS Percentile 17th percentile Description The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.19% EPSS Percentile 57th percentile Description Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635. Affected range >=1.22.0-0 <1.22.4 Fixed version 1.22.4 EPSS Score 0.04% EPSS Percentile 11th percentile Description The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. Affected range <1.22.7 Fixed version 1.22.7 EPSS Score 0.04% EPSS Percentile 17th percentile Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion. Affected range >=1.22.0-0 <1.22.3 Fixed version 1.22.3 EPSS Score 0.04% EPSS Percentile 11th percentile Description A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.

setuptools 68.1.2 (pypi) pkg:pypi/[email protected] Improper Control of Generation of Code ('Code Injection') Affected range <70.0.0 Fixed version 70.0.0 CVSS Score 8.8 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N EPSS Score 0.04% EPSS Percentile 10th percentile Description A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

ffmpeg 7:6.1.1-3ubuntu5 (deb) pkg:deb/ubuntu/ffmpeg@7:6.1.1-3ubuntu5?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 8.8 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.82% EPSS Percentile 82nd percentile Description Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) Affected range >=0 Fixed version Not Fixed CVSS Score 8.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H EPSS Score 0.21% EPSS Percentile 59th percentile Description A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. Affected range >=0 Fixed version Not Fixed CVSS Score 8.1 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H EPSS Score 0.21% EPSS Percentile 59th percentile Description A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. Affected range >=0 Fixed version Not Fixed CVSS Score 7.8 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.05% EPSS Percentile 23rd percentile Description FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 11th percentile Description A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-273651. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 11th percentile Description FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 11th percentile Description Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.

libsndfile 1.2.2-1ubuntu5 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 7.8 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.07% EPSS Percentile 31st percentile Description An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts. Affected range >=0 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.05% EPSS Percentile 18th percentile Description libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close. Affected range >=0 Fixed version Not Fixed CVSS Score 5.5 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.04% EPSS Percentile 10th percentile Description libsndfile through 1.2.2 has an ogg_vorbis.c vorbis_analysis_wrote out-of-bounds read.

openjpeg2 2.5.0-2ubuntu0.2 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file. Affected range >=0 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.13% EPSS Percentile 50th percentile Description An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.

libde265 1.0.15-1build3 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc

krb5 1.20.1-6ubuntu2.1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

samba 2:4.19.5+dfsg-4ubuntu9 (deb) pkg:deb/ubuntu/samba@2:4.19.5%2Bdfsg-4ubuntu9?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed Description Create Child permission should not allow full write to all attributes

libgcrypt20 1.10.3-2build1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

pixman 0.42.2-1build1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.06% EPSS Percentile 28th percentile Description stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

libopenmpt 0.7.3-1.1build3 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 9.8 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H EPSS Score 1.75% EPSS Percentile 88th percentile Description In libopenmpt before 0.3.19 and 0.4.x before 0.4.9, ModPlug_InstrumentName and ModPlug_SampleName in libopenmpt_modplug.c do not restrict the lengths of libmodplug output-buffer strings in the C API, leading to a buffer overflow.

cjson 1.7.17-1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.

python-pip 24.0+dfsg-1ubuntu1.1 (deb) pkg:deb/ubuntu/[email protected]%2Bdfsg-1ubuntu1.1?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of verify. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.

cairo 1.18.0-3build1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.20% EPSS Percentile 58th percentile Description An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. Affected range >=0 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.14% EPSS Percentile 51st percentile Description cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function). Affected range >=0 Fixed version Not Fixed CVSS Score 5.5 CVSS Vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.12% EPSS Percentile 48th percentile Description Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.

onevpl 2023.3.0-1build1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description NULL pointer dereference in some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable information disclosure via local access. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access. Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

poppler 24.02.0-1ubuntu9.1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 8.8 CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.33% EPSS Percentile 71st percentile Description An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. Affected range >=0 Fixed version Not Fixed CVSS Score 8.8 CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H EPSS Score 0.48% EPSS Percentile 76th percentile Description An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.

gnupg2 2.4.4-2ubuntu17 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 3.3 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L EPSS Score 0.05% EPSS Percentile 18th percentile Description GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

libpng1.6 1.6.43-5build1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 5.5 CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H EPSS Score 0.04% EPSS Percentile 14th percentile Description A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.

mbedtls 2.28.8-1 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 7.5 CVSS Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N EPSS Score 0.09% EPSS Percentile 40th percentile Description ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..

curl 8.5.0-2ubuntu10.4 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description HSTS subdomain overwrites parent cache entry

glibc 2.39-0ubuntu8.3 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.20% EPSS Percentile 59th percentile Description sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

openssl 3.0.13-0ubuntu3.4 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 17th percentile Description Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

coreutils 9.4-3ubuntu6 (deb) pkg:deb/ubuntu/[email protected]?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed CVSS Score 6.5 CVSS Vector CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N EPSS Score 0.04% EPSS Percentile 5th percentile Description chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

tiff 4.5.1+git230720-4ubuntu2.2 (deb) pkg:deb/ubuntu/[email protected]%2Bgit230720-4ubuntu2.2?os_distro=noble&os_name=ubuntu&os_version=24.04 Affected range >=0 Fixed version Not Fixed EPSS Score 0.04% EPSS Percentile 10th percentile Description Rejected reason: Invalid security issue.

[github-actions]

Overview

Image reference	registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging	registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging
- digest	a177d1900983	56c36c67efce
- tag	dev-wine-staging	dev-wine-staging
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	993 MB	1.1 GB (+122 MB)
- packages	898	918 (+20)
Base Image	steamcmd/steamcmd:latest	steamcmd/steamcmd:latest
- vulnerabilities

Packages and Vulnerabilities (152 package changes and 15 vulnerability changes)

• ➕ 82 packages added
• ➖ 63 packages removed
• ♾️ 7 packages changed
• 764 packages unchanged

• ❗ 13 vulnerabilities added
• ✔️ 2 vulnerabilities removed

Changes for packages of type deb (143 changes)

	Package	Version registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging	Version registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging
➖	aalib	1.4p5-51.1
➕	avahi-daemon		0.8-13ubuntu6
➕	chromaprint		1.5.1-5
➕	cjson		1.7.17-1
			Added vulnerabilities (1):
➖	duktape	2.7.0+tests-0ubuntu3
➖	fonts-liberation	1:2.1.5-3
➖	fonts-liberation-sans-narrow	1:1.07.6-4
➖	fonts-wine	9.0~repack-4build3
➕	game-music-emu		0.6.3-7build1
➕	gdbm		1.23-5.1build1
➖	glib-networking	2.80.0-1build1
➖	glib-networking-common	2.80.0-1build1
➖	glib-networking-services	2.80.0-1build1
➖	gst-plugins-good1.0	1.24.2-1ubuntu1
➖	gstreamer1.0-plugins-good	1.24.2-1ubuntu1
➖	gstreamer1.0-x	1.24.2-1ubuntu0.1
➕	ipp-usb		0.9.24-0ubuntu3.2
➖	libaa1	1.4p5-51.1
➕	libaacs		0.11.1-2build1
➕	libaacs0		0.11.1-2build1
➕	libavahi-core7		0.8-13ubuntu6
➖	libavc1394	0.5.4-5build3
➖	libavc1394-0	0.5.4-5build3
➕	libavformat60		7:6.1.1-3ubuntu5
➕	libbdplus		0.2.0-3build1
➕	libbdplus0		0.2.0-3build1
➕	libbluray		1:1.3.4-1build1
➕	libbluray2		1:1.3.4-1build1
➖	libcaca	0.99.beta20-4build2
➖	libcaca0	0.99.beta20-4build2
➖	libcapi20-3	1:3.27-3.1build1
➖	libcapi20-3t64	1:3.27-3.1build1
➕	libchromaprint1		1.5.1-5
➕	libcjson1		1.7.17-1
➕	libdaemon		0.14-7.1ubuntu4
➕	libdaemon0		0.14-7.1ubuntu4
➖	libduktape207	2.7.0+tests-0ubuntu3
➖	libdv	1.0.0-17.1build1
➖	libdv4t64	1.0.0-17.1build1
➕	libgdbm-compat4t64		1.23-5.1build1
➕	libgdbm6t64		1.23-5.1build1
➖	libgl1	1.7.0-1build1
➖	libgl1-amber-dri	21.3.9-0ubuntu2
➖	libgl1-mesa-dri	24.0.9-0ubuntu0.2
➕	libglu		9.0.2-1.1build1
➕	libglu1-mesa		9.0.2-1.1build1
➖	libglx-mesa0	24.0.9-0ubuntu0.2
➖	libglx0	1.7.0-1build1
➕	libgme0		0.6.3-7build1
➖	libgstreamer-plugins-good1.0-0	1.24.2-1ubuntu1
➖	libgudev	238-5ubuntu1
➖	libgudev-1.0-0	1:238-5ubuntu1
➖	libiec61883	1.2.0-6build1
➖	libiec61883-0	1.2.0-6build1
➕	libieee1284		0.2.11-14.1build1
➕	libieee1284-3t64		0.2.11-14.1build1
➕	libmbedcrypto7t64		2.28.8-1
♾️	libmpg123-0t64	1.32.5-1ubuntu1	1.32.5-1ubuntu1.1
➕	libnorm1t64		1.5.9+dfsg-3.1build1
➕	libnspr4		2:4.35-1.1build1
➕	libnss-mdns		0.15.1-4build1
➕	libnss3		2:3.98-1build1
➕	libopengl0		1.7.0-1build1
➕	libopenmpt		0.7.3-1.1build3
			Added vulnerabilities (1):
➕	libopenmpt0t64		0.7.3-1.1build3
➕	libpci3		1:3.10.0-2build1
➕	libperl5.38t64		5.38.2-3.2build2
➕	libpgm		5.3.128~dfsg-2.1build1
➕	libpgm-5.3-0t64		5.3.128~dfsg-2.1build1
➕	libpoppler-glib8t64		24.02.0-1ubuntu9.1
➕	libpoppler134		24.02.0-1ubuntu9.1
➖	libproxy	0.5.4-4build1
➖	libproxy1v5	0.5.4-4build1
➕	librabbitmq		0.11.0-1build2
➕	librabbitmq4		0.11.0-1build2
➖	libraw1394	2.1.2-2build3
➖	libraw1394-11	2.1.2-2build3
➕	librist		0.2.10+dfsg-2
➕	librist4		0.2.10+dfsg-2
➕	libsane-common		1.2.1-7build4
➕	libsane1		1.2.1-7build4
➖	libshout	2.4.6-1build2
➖	libshout3	2.4.6-1build2
➖	libslang2	2.3.3-3build2
➕	libsnmp-base		5.9.4+dfsg-1.1ubuntu3
➕	libsnmp40t64		5.9.4+dfsg-1.1ubuntu3
➕	libsodium		1.0.18-1build3
➕	libsodium23		1.0.18-1build3
➖	libsoup-3.0-0	3.4.4-5build2
➖	libsoup-3.0-common	3.4.4-5build2
➖	libsoup3	3.4.4-5build2
➕	libsrt1.5-gnutls		1.5.3-1build2
➕	libssh-gcrypt-4		0.10.6-2build2
➖	libtag1v5	1.13.1-1build1
➖	libtag1v5-vanilla	1.13.1-1build1
➕	libudfread		1.1.2-1build1
➕	libudfread0		1.1.2-1build1
➕	libvorbisfile3		1.3.7-1build3
➖	libvulkan1	1.3.275.0-1build1
➖	libwavpack1	5.6.0-1build1
➖	libwine	9.0~repack-4build3
➕	libwrap0		7.6.q-33
➖	libxcb-glx0	1.15-1ubuntu2
➖	libxv	2:1.0.11-1.1build1
➖	libxv1	2:1.0.11-1.1build1
➖	libz-mingw-w64	1.3.1+dfsg-1
➕	libzmq5		4.3.5-1build2
➕	mbedtls		2.28.8-1
			Added vulnerabilities (1):
➖	mesa-amber	21.3.9-0ubuntu2
➖	mesa-vulkan-drivers	24.0.9-0ubuntu0.2
♾️	mpg123	1.32.5-1ubuntu1	1.32.5-1ubuntu1.1
		Removed vulnerabilities (1):
➕	net-snmp		5.9.4+dfsg-1.1ubuntu3
➕	norm		1.5.9+dfsg-3.1build1
➕	nspr		2:4.35-1.1build1
➕	nss		2:3.98-1build1
➕	nss-mdns		0.15.1-4build1
➕	pci.ids		0.0~2024.03.31-1
➕	pciutils		1:3.10.0-2build1
➕	perl-modules-5.38		5.38.2-3.2build2
➕	poppler		24.02.0-1ubuntu9.1
			Added vulnerabilities (2):
➕	poppler-data		0.4.12-1
➕	sane-airscan		0.99.29-0ubuntu4
➕	sane-backends		1.2.1-7build4
➕	sane-utils		1.2.1-7build4
➖	slang2	2.3.3-3build2
➕	srt		1.5.3-1build2
➕	systemd-hwe		255.1.4
➕	systemd-hwe-hwdb		255.1.4
➖	taglib	1.13.1-1build1
➕	tcp-wrappers		7.6.q-33
➕	udev		255.4-1ubuntu8.4
➕	update-inetd		4.53
➖	vulkan-loader	1.3.275.0-1build1
➖	wavpack	5.6.0-1build1
		Removed vulnerabilities (1):
➖	wine	9.0~repack-4build3
➖	wine-stable	3.0.1ubuntu1
➕	wine-staging		9.20~noble-1
➕	wine-staging-amd64		9.20~noble-1
➕	wine-staging-i386		9.20~noble-1
➖	wine1.6	1:3.0.1ubuntu1
➖	wine32	9.0~repack-4build3
➖	wine64	9.0~repack-4build3
➕	zeromq3		4.3.5-1build2

Changes for packages of type golang (2 changes)

	Package	Version registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging	Version registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging
➕	github.com/openprinting/ipp-usb		(devel)
➕	stdlib		go1.22.2

Changes for packages of type nuget (7 changes)

	Package	Version registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging	Version registry.hub.docker.com/mornedhels/enshrouded-server:dev-wine-staging
♾️	Wine Common Controls	5.81	6.00.4704.1100
♾️	Wine D3D	9.0	9.20
♾️	Wine OLE dll	6.0.6001.18000	10.0.19043.1466
♾️	Wine Vulkan ICD	9.0	9.20
♾️	Wine Vulkan Loader	9.0	9.20
➖	zlib	1.3.1
➖	zlib1	1.3.1

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.