I’m using this Docker image uroni/urbackup-server:2.4.x
It has not been updated in 2 years and it contains several critical vulnerabilities. Please, update the image and implement some “vulnerability bot” or “GitHub action” to auto-update the image when required.
You can use this tool to analyze images: https://github.com/anchore/grype
grype uroni/urbackup-server:2.4.x --only-fixed
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [116 packages]
✔ Scanned image [357 vulnerabilities]
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
apt 1.4.10 1.4.11 CVE-2020-27350 Medium
e2fslibs 1.43.4-2+deb9u1 1.43.4-2+deb9u2 CVE-2019-5188 Medium
e2fsprogs 1.43.4-2+deb9u1 1.43.4-2+deb9u2 CVE-2019-5188 Medium
libapt-pkg5.0 1.4.10 1.4.11 CVE-2020-27350 Medium
libcomerr2 1.43.4-2+deb9u1 1.43.4-2+deb9u2 CVE-2019-5188 Medium
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u15 CVE-2021-22924 Low
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u16 CVE-2021-22946 High
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u16 CVE-2021-22947 Medium
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u11 CVE-2020-8177 High
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u12 CVE-2020-8231 High
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u13 CVE-2020-8284 Low
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u13 CVE-2020-8285 High
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u13 CVE-2020-8286 High
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u14 CVE-2021-22876 Medium
libcurl3 7.52.1-5+deb9u10 7.52.1-5+deb9u15 CVE-2021-22898 Low
libelf1 0.168-1 0.168-1+deb9u1 CVE-2018-16062 Medium
libelf1 0.168-1 0.168-1+deb9u1 CVE-2018-16402 Critical
libelf1 0.168-1 0.168-1+deb9u1 CVE-2018-18310 Medium
libelf1 0.168-1 0.168-1+deb9u1 CVE-2018-18520 Medium
libelf1 0.168-1 0.168-1+deb9u1 CVE-2018-18521 Medium
libelf1 0.168-1 0.168-1+deb9u1 CVE-2019-7150 Medium
libelf1 0.168-1 0.168-1+deb9u1 CVE-2019-7665 Medium
libgcrypt20 1.7.6-2+deb9u3 1.7.6-2+deb9u4 CVE-2021-40528 Medium
libgmp10 2:6.1.2+dfsg-1 2:6.1.2+dfsg-1+deb9u1 CVE-2021-43618 High
libgnutls30 3.5.8-5+deb9u4 3.5.8-5+deb9u5 CVE-2019-3829 High
libgssapi-krb5-2 1.15-1+deb9u1 1.15-1+deb9u2 CVE-2020-28196 High
libgssapi-krb5-2 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-20217 Medium
libgssapi-krb5-2 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5729 Medium
libgssapi-krb5-2 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5730 Low
libgssapi-krb5-2 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2021-37750 Medium
libhogweed4 3.3-1+b2 3.3-1+deb9u1 CVE-2021-20305 High
libhogweed4 3.3-1+b2 3.3-1+deb9u1 CVE-2021-3580 High
libk5crypto3 1.15-1+deb9u1 1.15-1+deb9u2 CVE-2020-28196 High
libk5crypto3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-20217 Medium
libk5crypto3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5729 Medium
libk5crypto3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5730 Low
libk5crypto3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2021-37750 Medium
libkrb5-3 1.15-1+deb9u1 1.15-1+deb9u2 CVE-2020-28196 High
libkrb5-3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-20217 Medium
libkrb5-3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5729 Medium
libkrb5-3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5730 Low
libkrb5-3 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2021-37750 Medium
libkrb5support0 1.15-1+deb9u1 1.15-1+deb9u2 CVE-2020-28196 High
libkrb5support0 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-20217 Medium
libkrb5support0 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5729 Medium
libkrb5support0 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2018-5730 Low
libkrb5support0 1.15-1+deb9u1 1.15-1+deb9u3 CVE-2021-37750 Medium
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u5 CVE-2020-25692 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u6 CVE-2020-25709 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u6 CVE-2020-25710 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36221 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36222 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36223 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36224 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36225 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36226 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36227 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36228 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36229 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36230 High
libldap-2.4-2 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u8 CVE-2021-27212 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u5 CVE-2020-25692 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u6 CVE-2020-25709 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u6 CVE-2020-25710 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36221 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36222 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36223 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36224 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36225 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36226 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36227 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36228 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36229 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u7 CVE-2020-36230 High
libldap-common 2.4.44+dfsg-5+deb9u4 2.4.44+dfsg-5+deb9u8 CVE-2021-27212 High
liblz4-1 0.0~r131-2+b1 0.0~r131-2+deb9u1 CVE-2021-3520 Critical
libnettle6 3.3-1+b2 3.3-1+deb9u1 CVE-2021-20305 High
libnettle6 3.3-1+b2 3.3-1+deb9u1 CVE-2021-3580 High
libnghttp2-14 1.18.1-1+deb9u1 1.18.1-1+deb9u2 CVE-2020-11080 High
libnghttp2-14 1.18.1-1+deb9u1 1.18.1-1+deb9u2 CVE-2018-1000168 High
libp11-kit0 0.23.3-2 0.23.3-2+deb9u1 CVE-2020-29361 High
libp11-kit0 0.23.3-2 0.23.3-2+deb9u1 CVE-2020-29362 Medium
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2018-20346 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2018-20506 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2018-8740 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-16168 Medium
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u3 CVE-2019-20218 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-9936 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-9937 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-11655 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13434 Medium
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13630 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13632 Medium
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13871 High
libsqlite3-0 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-5827 High
libss2 1.43.4-2+deb9u1 1.43.4-2+deb9u2 CVE-2019-5188 Medium
libssh2-1 1.7.0-1+deb9u1 1.7.0-1+deb9u2 CVE-2019-13115 High
libssh2-1 1.7.0-1+deb9u1 1.7.0-1+deb9u2 CVE-2019-17498 High
libssl1.0.2 1.0.2u-1~deb9u1 1.0.2u-1~deb9u2 CVE-2020-1968 Low
libssl1.0.2 1.0.2u-1~deb9u1 1.0.2u-1~deb9u3 CVE-2020-1971 Medium
libssl1.0.2 1.0.2u-1~deb9u1 1.0.2u-1~deb9u4 CVE-2021-23840 High
libssl1.0.2 1.0.2u-1~deb9u1 1.0.2u-1~deb9u4 CVE-2021-23841 Medium
libssl1.0.2 1.0.2u-1~deb9u1 1.0.2u-1~deb9u6 CVE-2021-3712 High
libsystemd0 232-25+deb9u12 232-25+deb9u13 CVE-2021-33910 Medium
libudev1 232-25+deb9u12 232-25+deb9u13 CVE-2021-33910 Medium
login 1:4.4-4.1 1:4.4-4.1+deb9u1 CVE-2017-12424 Critical
login 1:4.4-4.1 1:4.4-4.1+deb9u1 CVE-2017-20002 High
passwd 1:4.4-4.1 1:4.4-4.1+deb9u1 CVE-2017-12424 Critical
passwd 1:4.4-4.1 1:4.4-4.1+deb9u1 CVE-2017-20002 High
perl-base 5.24.1-3+deb9u6 5.24.1-3+deb9u7 CVE-2020-10543 High
perl-base 5.24.1-3+deb9u6 5.24.1-3+deb9u7 CVE-2020-10878 High
perl-base 5.24.1-3+deb9u6 5.24.1-3+deb9u7 CVE-2020-12723 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2018-20346 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2018-20506 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2018-8740 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-16168 Medium
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u3 CVE-2019-20218 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-9936 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-9937 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-11655 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13434 Medium
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13630 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13632 Medium
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2020-13871 High
sqlite3 3.16.2-5+deb9u1 3.16.2-5+deb9u2 CVE-2019-5827 High
tar 1.29b-1.1 1.29b-1.1+deb9u1 CVE-2018-20482 Medium