Vulnerability Report
- Name:
- hewittfam_core-ddns-docker-watcher
- Type:
- image
- Checksum:
- sha256:79b8d7711a27532168c66e2371bddabfa0b08c31576f62048ea281e6a1ca353b
- Date:
- 2026-01-07T04:59:11.090544846Z
Critical
0
High
2
Medium
9
Low
6
Unknown
0
| Name | Version | Type | Vulnerability | Severity | Risk | State | Fixed In | Description | Related URLs | PURL |
|---|---|---|---|---|---|---|---|---|---|---|
| ada-libs | 2.9.2-r4 | apk | CVE-2024-9410 | Medium | 0.06% | unknown | N/A | Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint. | ["https://www.tenable.com/security/research/tra-2024-41"] | pkg:apk/alpine/ada-libs@2.9.2-r4?arch=x86_64&distro=alpine-3.22.1&upstream=ada |
| busybox | 1.37.0-r18 | apk | CVE-2025-60876 | Medium | 0.03% | N/A | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). | ["https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092","https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm","https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm"] | pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1 | |
| busybox-binsh | 1.37.0-r18 | apk | CVE-2025-60876 | Medium | 0.03% | N/A | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). | ["https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092","https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm","https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm"] | pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1&upstream=busybox | |
| ssl_client | 1.37.0-r18 | apk | CVE-2025-60876 | Medium | 0.03% | N/A | BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). | ["https://gist.github.com/subyumatest/41554af6a72aedaacaec026adc311092","https://lists.busybox.net/pipermail/busybox/attachments/20250823/ccdc96ef/attachment-0001.htm","https://lists.busybox.net/pipermail/busybox/attachments/20250828/e7f90492/attachment.htm"] | pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1&upstream=busybox | |
| c-ares | 1.34.5-r0 | apk | CVE-2025-62408 | Medium | 0.03% | fixed |
|
[] | pkg:apk/alpine/c-ares@1.34.5-r0?arch=x86_64&distro=alpine-3.22.1 | |
| libcrypto3 | 3.5.1-r0 | apk | CVE-2025-9230 | High | 0.02% | fixed |
|
[] | pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64&distro=alpine-3.22.1&upstream=openssl | |
| libssl3 | 3.5.1-r0 | apk | CVE-2025-9230 | High | 0.02% | fixed |
|
[] | pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64&distro=alpine-3.22.1&upstream=openssl | |
| libcrypto3 | 3.5.1-r0 | apk | CVE-2025-9232 | Medium | 0.02% | fixed |
|
[] | pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64&distro=alpine-3.22.1&upstream=openssl | |
| libssl3 | 3.5.1-r0 | apk | CVE-2025-9232 | Medium | 0.02% | fixed |
|
[] | pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64&distro=alpine-3.22.1&upstream=openssl | |
| libcrypto3 | 3.5.1-r0 | apk | CVE-2025-9231 | Medium | 0.01% | fixed |
|
[] | pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64&distro=alpine-3.22.1&upstream=openssl | |
| libssl3 | 3.5.1-r0 | apk | CVE-2025-9231 | Medium | 0.01% | fixed |
|
[] | pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64&distro=alpine-3.22.1&upstream=openssl | |
| busybox | 1.37.0-r18 | apk | CVE-2024-58251 | Low | 0.01% | fixed |
|
[] | pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1 | |
| busybox-binsh | 1.37.0-r18 | apk | CVE-2024-58251 | Low | 0.01% | fixed |
|
[] | pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1&upstream=busybox | |
| ssl_client | 1.37.0-r18 | apk | CVE-2024-58251 | Low | 0.01% | fixed |
|
[] | pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1&upstream=busybox | |
| busybox | 1.37.0-r18 | apk | CVE-2025-46394 | Low | 0.01% | fixed |
|
[] | pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1 | |
| busybox-binsh | 1.37.0-r18 | apk | CVE-2025-46394 | Low | 0.01% | fixed |
|
[] | pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1&upstream=busybox | |
| ssl_client | 1.37.0-r18 | apk | CVE-2025-46394 | Low | 0.01% | fixed |
|
[] | pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64&distro=alpine-3.22.1&upstream=busybox |