Commit new App releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
parent c72abc9eaa
commit fa85182be8
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
|
||||
generated: "2021-12-03T14:11:56.150356505Z"
|
Binary file not shown.
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="mariadb-1.0.20"></a>
|
||||
### [mariadb-1.0.20](https://github.com/truecharts/apps/compare/mariadb-1.0.19...mariadb-1.0.20) (2021-12-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452))
|
||||
|
||||
|
||||
|
||||
<a name="mariadb-1.0.19"></a>
|
||||
### [mariadb-1.0.19](https://github.com/truecharts/apps/compare/mariadb-1.0.18...mariadb-1.0.19) (2021-12-03)
|
||||
|
||||
|
@ -88,12 +97,3 @@
|
|||
<a name="mariadb-1.0.8"></a>
|
||||
### [mariadb-1.0.8](https://github.com/truecharts/apps/compare/mariadb-1.0.7...mariadb-1.0.8) (2021-11-22)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380))
|
||||
|
||||
|
||||
|
||||
<a name="mariadb-1.0.6"></a>
|
||||
### [mariadb-1.0.6](https://github.com/truecharts/apps/compare/mariadb-1.0.5...mariadb-1.0.6) (2021-11-21)
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.10
|
||||
digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc
|
||||
generated: "2021-12-03T19:46:58.41944868Z"
|
|
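Review bot: the `digest` on the new lock entry for `common` 8.9.10 is computed by Helm over the dependency lists in Chart.yaml and Chart.lock, not over the chart archive, so it does not authenticate the vendored package that this commit swaps in as a binary ("Binary file not shown"). For a bot-signed bump like this, check the archive itself against the digest published in the index of https://truecharts.org, or against a provenance file if the repository publishes one, before merging.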
@ -3,7 +3,7 @@ appVersion: "10.6.5"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
version: 8.9.10
|
||||
deprecated: false
|
||||
description: Fast, reliable, scalable, and easy to use open-source relational database system.
|
||||
home: https://github.com/truecharts/apps/tree/master/stable/mariadb
|
||||
|
@ -24,7 +24,7 @@ sources:
|
|||
- https://github.com/prometheus/mysqld_exporter
|
||||
- https://mariadb.org
|
||||
type: application
|
||||
version: 1.0.19
|
||||
version: 1.0.20
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- database
|
|
@ -19,7 +19,7 @@ Kubernetes: `>=1.16.0-0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.9.7 |
|
||||
| https://truecharts.org | common | 8.9.10 |
|
||||
|
||||
## Installing the Chart
|
||||
|
Binary file not shown.
|
@ -0,0 +1,909 @@
|
|||
# Security Scan
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
```
|
||||
2021-12-03T19:47:19.916Z [34mINFO[0m Need to update the built-in policies
|
||||
2021-12-03T19:47:19.916Z [34mINFO[0m Downloading the built-in policies...
|
||||
2021-12-03T19:47:20.611Z [34mINFO[0m Detected config files: 1
|
||||
|
||||
mariadb/templates/common.yaml (kubernetes)
|
||||
==========================================
|
||||
Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0)
|
||||
Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-mariadb' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-mariadb' |
|
||||
| | | | | should add 'ALL' to |
|
||||
| | | | | 'securityContext.capabilities.drop' |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv003 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.runAsNonRoot' to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv012 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-mariadb' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-mariadb' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-mariadb' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-mariadb' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.readOnlyRootFilesystem' |
|
||||
| | | | | to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv014 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.readOnlyRootFilesystem' |
|
||||
| | | | | to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv014 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-mariadb' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-mariadb' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-mariadb' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-mariadb' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-mariadb' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-mariadb' should set |
|
||||
| | | | | 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-mariadb' should |
|
||||
| | | | | set 'spec.securityContext.runAsGroup', |
|
||||
| | | | | 'spec.securityContext.supplementalGroups[*]' |
|
||||
| | | | | and 'spec.securityContext.fsGroup' |
|
||||
| | | | | to integer greater than 0 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv029 |
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
```
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0
|
||||
|
||||
##### Scan Results
|
||||
|
||||
**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
|
||||
|
||||
```
|
||||
2021-12-03T19:47:20.698Z [34mINFO[0m Need to update DB
|
||||
2021-12-03T19:47:20.698Z [34mINFO[0m Downloading DB...
|
||||
2021-12-03T19:47:24.464Z [34mINFO[0m Detected OS: alpine
|
||||
2021-12-03T19:47:24.464Z [34mINFO[0m Detecting Alpine vulnerabilities...
|
||||
2021-12-03T19:47:24.466Z [34mINFO[0m Number of language-specific files: 0
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
=========================================================================================================================
|
||||
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
|
||||
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+ +---------------+---------------------------------------+
|
||||
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
```
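Review bot: all 22 findings in the alpine:v3.14.2 table above list a fixed version (busybox and ssl_client are installed at 1.33.1-r3, with fixes in 1.33.1-r4 through 1.33.1-r6), so the 18 HIGH entries would be cleared by a package upgrade. Rebuild the alpine image with current busybox and re-pin its digest before this release, or have the bot hold a release when a finding has a fix available. Separately, the committed log lines still carry terminal colour codes (`[34mINFO[0m`); run the scanner with colour output disabled so the Markdown report stays readable.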
|
||||
|
||||
**Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0**
|
||||
|
||||
```
|
||||
2021-12-03T19:47:29.346Z [34mINFO[0m Detected OS: debian
|
||||
2021-12-03T19:47:29.346Z [34mINFO[0m Detecting Debian vulnerabilities...
|
||||
2021-12-03T19:47:29.362Z [34mINFO[0m Number of language-specific files: 2
|
||||
2021-12-03T19:47:29.362Z [34mINFO[0m Detecting gobinary vulnerabilities...
|
||||
|
||||
tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11)
|
||||
=========================================================================================================================
|
||||
Total: 144 (UNKNOWN: 0, LOW: 104, MEDIUM: 12, HIGH: 24, CRITICAL: 4)
|
||||
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
|
||||
| | | | | | equal to its real UID the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
|
||||
| | | | | | session can escape to the |
|
||||
| | | | | | parent session in chroot |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-18018 | | | | coreutils: race condition |
|
||||
| | | | | | vulnerability in chown and chgrp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
|
||||
| | | | | | TLS not properly enforced |
|
||||
| | | | | | for IMAP, POP3, and... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
|
||||
| | | | | | received before STARTTLS |
|
||||
| | | | | | processed after TLS handshake |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
|
||||
| | | | | | contents disclosure |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22922 | | | | curl: Content not matching hash |
|
||||
| | | | | | in Metalink is not being discarded |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22923 | | | | curl: Metalink download |
|
||||
| | | | | | sends credentials |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
|
||||
| | | | | | due to flawed path name checks |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
|
||||
| | | | | | Forgeries with SHA-1 |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
|
||||
| | | | | | backtrace functions for powerpc |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
|
||||
| | | | | | function when expanding ~user |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
|
||||
| | | | | | ISO-2022-JP-3 gconv module |
|
||||
| | | | | | related to combining characters |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
|
||||
| | | | | | iconv when processing invalid |
|
||||
| | | | | | multi-byte input sequences in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-10029 | | | | glibc: stack corruption |
|
||||
| | | | | | from crafted input in cosl, |
|
||||
| | | | | | sinl, sincosl, and tanl... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-27618 | | | | glibc: iconv when processing |
|
||||
| | | | | | invalid multi-byte input |
|
||||
| | | | | | sequences fails to advance the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
|
||||
| | | | | | when invoked with the -c option |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
|
||||
| | | | | | not ignored in setuid binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-6096 | | | | glibc: signed comparison |
|
||||
| | | | | | vulnerability in the |
|
||||
| | | | | | ARMv7 memcpy function |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
|
||||
| | | | | | addgetnetgrentX function |
|
||||
| | | | | | in netgroupcache.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
|
||||
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
|
||||
| | | | | | backtrace functions for powerpc |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
|
||||
| | | | | | function when expanding ~user |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
|
||||
| | | | | | ISO-2022-JP-3 gconv module |
|
||||
| | | | | | related to combining characters |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
|
||||
| | | | | | iconv when processing invalid |
|
||||
| | | | | | multi-byte input sequences in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-10029 | | | | glibc: stack corruption |
|
||||
| | | | | | from crafted input in cosl, |
|
||||
| | | | | | sinl, sincosl, and tanl... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-27618 | | | | glibc: iconv when processing |
|
||||
| | | | | | invalid multi-byte input |
|
||||
| | | | | | sequences fails to advance the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
|
||||
| | | | | | when invoked with the -c option |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
|
||||
| | | | | | not ignored in setuid binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-6096 | | | | glibc: signed comparison |
|
||||
| | | | | | vulnerability in the |
|
||||
| | | | | | ARMv7 memcpy function |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
|
||||
| | | | | | addgetnetgrentX function |
|
||||
| | | | | | in netgroupcache.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
|
||||
| | | | | | TLS not properly enforced |
|
||||
| | | | | | for IMAP, POP3, and... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
|
||||
| | | | | | received before STARTTLS |
|
||||
| | | | | | processed after TLS handshake |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
|
||||
| | | | | | contents disclosure |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22922 | | | | curl: Content not matching hash |
|
||||
| | | | | | in Metalink is not being discarded |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22923 | | | | curl: Metalink download |
|
||||
| | | | | | sends credentials |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
|
||||
| | | | | | due to flawed path name checks |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal |
|
||||
| | | | | | encryption because it lacks |
|
||||
| | | | | | exponent blinding to address a... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack |
|
||||
| | | | | | allowing private key leak |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
|
||||
| | | | | | doesn't have semantic security due |
|
||||
| | | | | | to incorrectly encoded plaintexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant |
|
||||
| | | | | | buffer overflow via crafted input |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext |
|
||||
| | | | | | attack against SSL/TLS (BEAST) |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
|
||||
| | | | | | fails to perform the roundtrip |
|
||||
| | | | | | checks specified in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword |
|
||||
| | | | | | mode cipherstring parsing |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
|
||||
| | | | | | via PID file manipulation |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-17740 | | | | openldap: |
|
||||
| | | | | | contrib/slapd-modules/nops/nops.c |
|
||||
| | | | | | attempts to free stack buffer |
|
||||
| | | | | | allowing remote attackers to cause... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-15719 | | | | openldap: Certificate |
|
||||
| | | | | | validation incorrectly |
|
||||
| | | | | | matches name against CN-ID |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword |
|
||||
| | | | | | mode cipherstring parsing |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
|
||||
| | | | | | via PID file manipulation |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-17740 | | | | openldap: |
|
||||
| | | | | | contrib/slapd-modules/nops/nops.c |
|
||||
| | | | | | attempts to free stack buffer |
|
||||
| | | | | | allowing remote attackers to cause... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-15719 | | | | openldap: Certificate |
|
||||
| | | | | | validation incorrectly |
|
||||
| | | | | | matches name against CN-ID |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer |
|
||||
| | | | | | overflow in LZ4_write32 |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+ + + +---------------+ +
|
||||
| libncursesw6 | | | | | |
|
||||
| | | | | | |
|
||||
| | | | | | |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS |
|
||||
| | | | | | frames can lead to DoS |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when |
|
||||
| | | | | | parsing callout numeric arguments |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the |
|
||||
| | | | | | match function in pcre_exec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-16231 | | | | pcre: self-recursive call |
|
||||
| | | | | | in match() in pcre_exec.c |
|
||||
| | | | | | leads to denial of service... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
|
||||
| | | | | | when UTF is disabled and \X or... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation |
|
||||
| | | | | | of syscall filters in libseccomp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
|
||||
| | | | | | cil_reset_classpermission() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
|
||||
| | | | | | overflow in ebitmap_match_any() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in |
|
||||
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|
||||
| | | | | | in kex.c leads to out-of-bounds write |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in |
|
||||
| | | | | | SSH_MSG_DISCONNECT logic in packet.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser |
|
||||
| | | | | | can create SUID/SGID binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
|
||||
| | | | | | can get new privileges and |
|
||||
| | | | | | create SGID binaries... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
|
||||
| | | | | | in login/logind-button.c when |
|
||||
| | | | | | udev events are received... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
|
||||
| | | | | | usernames beginning with decimal |
|
||||
| | | | | | digits or 0x followed by... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
|
||||
| | | | | | _asn1_expand_object_id(ptree) |
|
||||
| | | | | | leads to memory exhaustion |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser |
|
||||
| | | | | | can create SUID/SGID binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
|
||||
| | | | | | can get new privileges and |
|
||||
| | | | | | create SGID binaries... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
|
||||
| | | | | | in login/logind-button.c when |
|
||||
| | | | | | udev events are received... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
|
||||
| | | | | | usernames beginning with decimal |
|
||||
| | | | | | digits or 0x followed by... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion |
|
||||
| | | | | | in parameter entities |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External |
|
||||
| | | | | | Entity vulnerability |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| login | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
|
||||
| | | | | | allows unprivileged user to |
|
||||
| | | | | | drop supplementary groups |
|
||||
| | | | | | potentially allowing privilege... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
|
||||
| | | | | | allows unprivileged user to |
|
||||
| | | | | | drop supplementary groups |
|
||||
| | | | | | potentially allowing privilege... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
|
||||
| | | | | | temporary file handling |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user |
|
||||
| | | | | | when extracting setuid or setgid... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
|
||||
| | | | | | in pax_decode_header in sparse.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-20193 | | | | tar: Memory leak in |
|
||||
| | | | | | read_header() in list.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
|
||||
opt/bitnami/common/bin/gosu (gobinary)
|
||||
======================================
|
||||
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
|
||||
opt/bitnami/common/bin/ini-file (gobinary)
|
||||
==========================================
|
||||
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
```
|
||||
|
|
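Review bot: In the tail of this scan report, every row shown (the passwd, perl-base, tar and util-linux packages, plus the openssl entry CVE-2010-0928) has an empty FIXED VERSION column, and nothing in these rows says whether the finding was triaged or accepted. Suggest the generated report separate findings that have a fix from those that do not, so a reader can tell what is actionable by rebuilding the image and what is waiting on the distribution. The gosu and ini-file gobinary sections report `Total: 0`; keeping them is reasonable, since an empty result still shows the binaries were scanned.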
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
|
||||
generated: "2021-12-03T14:12:28.171429869Z"
|
Binary file not shown.
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="memcached-1.0.20"></a>
|
||||
### [memcached-1.0.20](https://github.com/truecharts/apps/compare/memcached-1.0.19...memcached-1.0.20) (2021-12-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452))
|
||||
|
||||
|
||||
|
||||
<a name="memcached-1.0.19"></a>
|
||||
### [memcached-1.0.19](https://github.com/truecharts/apps/compare/memcached-1.0.18...memcached-1.0.19) (2021-12-03)
|
||||
|
||||
|
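Review bot: The new memcached-1.0.20 entry reads only `bump common on dependency train` and does not name the versions involved. It is the only item listed for the release, so suggest the generated entry state the old and new dependency versions (the Chart.yaml change in this commit is 8.9.7 to 8.9.10), letting a user reading the changelog tell which `common` release they are getting.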
@ -88,12 +97,3 @@
|
|||
<a name="memcached-1.0.7"></a>
|
||||
### [memcached-1.0.7](https://github.com/truecharts/apps/compare/memcached-1.0.6...memcached-1.0.7) (2021-11-18)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major ([#1350](https://github.com/truecharts/apps/issues/1350))
|
||||
|
||||
|
||||
|
||||
<a name="memcached-1.0.6"></a>
|
||||
### [memcached-1.0.6](https://github.com/truecharts/apps/compare/memcached-1.0.5...memcached-1.0.6) (2021-11-16)
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.10
|
||||
digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc
|
||||
generated: "2021-12-03T19:48:03.942785444Z"
|
|
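Review bot: The `digest:` value in this regenerated lock should not be read as a checksum of the `common` chart archive. Helm computes the lock digest over the dependency entries, so it detects a Chart.yaml and Chart.lock that disagree, but not a changed archive served from `https://truecharts.org`. The binary file that changes alongside the lock (`Binary file not shown`) cannot be reviewed in the diff; if it is the vendored dependency archive, suggest verifying it against the published chart's checksum or provenance file before merging.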
@ -3,7 +3,7 @@ appVersion: "1.6.12"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
version: 8.9.10
|
||||
deprecated: false
|
||||
description: Memcached is a memory-backed database caching solution
|
||||
home: https://github.com/truecharts/apps/tree/master/stable/memcached
|
||||
|
@ -22,7 +22,7 @@ sources:
|
|||
- https://github.com/bitnami/bitnami-docker-memcached
|
||||
- http://memcached.org/
|
||||
type: application
|
||||
version: 1.0.19
|
||||
version: 1.0.20
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- database
|
|
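Review bot: Style point on the context lines of this hunk: the annotation key `truecharts.org/catagories` is misspelled, and the `sources` list links `http://memcached.org/` over plain HTTP. Neither is introduced by the 1.0.19 to 1.0.20 bump, but if the key is corrected, any tooling that reads it has to change in the same commit; the source link can move to HTTPS if the site serves it.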
@ -18,7 +18,7 @@ Kubernetes: `>=1.16.0-0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.9.7 |
|
||||
| https://truecharts.org | common | 8.9.10 |
|
||||
|
||||
## Installing the Chart
|
||||
|
Binary file not shown.
|
@ -0,0 +1,878 @@
|
|||
# Security Scan
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
```
|
||||
2021-12-03T19:48:25.464Z [34mINFO[0m Detected config files: 1
|
||||
|
||||
memcached/templates/common.yaml (kubernetes)
|
||||
============================================
|
||||
Tests: 39 (SUCCESSES: 28, FAILURES: 11, EXCEPTIONS: 0)
|
||||
Failures: 11 (UNKNOWN: 0, LOW: 4, MEDIUM: 7, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
+---------------------------+------------+-----------------------------------+----------+------------------------------------------+
|
||||
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
|
||||
+---------------------------+------------+-----------------------------------+----------+------------------------------------------+
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-memcached' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-memcached' |
|
||||
| | | | | should add 'ALL' to |
|
||||
| | | | | 'securityContext.capabilities.drop' |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv003 |
|
||||
+ +------------+-----------------------------------+----------+------------------------------------------+
|
||||
| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-memcached' should set |
|
||||
| | | | | 'securityContext.runAsNonRoot' to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv012 |
|
||||
+ +------------+-----------------------------------+----------+------------------------------------------+
|
||||
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-memcached' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-memcached' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ + + + +------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-memcached' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ +------------+-----------------------------------+ +------------------------------------------+
|
||||
| | KSV014 | Root file system is not read-only | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-memcached' should set |
|
||||
| | | | | 'securityContext.readOnlyRootFilesystem' |
|
||||
| | | | | to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv014 |
|
||||
+ +------------+-----------------------------------+----------+------------------------------------------+
|
||||
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-memcached' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-memcached' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ + + + +------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-memcached' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ +------------+-----------------------------------+ +------------------------------------------+
|
||||
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-memcached' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-memcached' should set |
|
||||
| | | | | 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ + + + +------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-memcached' should set |
|
||||
| | | | | 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ +------------+-----------------------------------+ +------------------------------------------+
|
||||
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-memcached' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-memcached' should set |
|
||||
| | | | | 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ + + + +------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-memcached' should set |
|
||||
| | | | | 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+---------------------------+------------+-----------------------------------+----------+------------------------------------------+
|
||||
```
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569
|
||||
|
||||
##### Scan Results
|
||||
|
||||
**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
|
||||
|
||||
```
|
||||
2021-12-03T19:48:26.594Z [34mINFO[0m Detected OS: alpine
|
||||
2021-12-03T19:48:26.594Z [34mINFO[0m Detecting Alpine vulnerabilities...
|
||||
2021-12-03T19:48:26.602Z [34mINFO[0m Number of language-specific files: 0
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
=========================================================================================================================
|
||||
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
|
||||
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+ +---------------+---------------------------------------+
|
||||
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
```
|
||||
|
||||
**Container: tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569**
|
||||
|
||||
```
|
||||
2021-12-03T19:48:28.787Z [34mINFO[0m Detected OS: debian
|
||||
2021-12-03T19:48:28.787Z [34mINFO[0m Detecting Debian vulnerabilities...
|
||||
2021-12-03T19:48:28.804Z [34mINFO[0m Number of language-specific files: 1
|
||||
2021-12-03T19:48:28.804Z [34mINFO[0m Detecting gobinary vulnerabilities...
|
||||
|
||||
tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 (debian 10.11)
|
||||
===========================================================================================================================
|
||||
Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4)
|
||||
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
|
||||
| | | | | | equal to its real UID the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
|
||||
| | | | | | session can escape to the |
|
||||
| | | | | | parent session in chroot |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-18018 | | | | coreutils: race condition |
|
||||
| | | | | | vulnerability in chown and chgrp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
|
||||
| | | | | | TLS not properly enforced |
|
||||
| | | | | | for IMAP, POP3, and... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
|
||||
| | | | | | received before STARTTLS |
|
||||
| | | | | | processed after TLS handshake |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
|
||||
| | | | | | contents disclosure |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22922 | | | | curl: Content not matching hash |
|
||||
| | | | | | in Metalink is not being discarded |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22923 | | | | curl: Metalink download |
|
||||
| | | | | | sends credentials |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
|
||||
| | | | | | due to flawed path name checks |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
|
||||
| | | | | | Forgeries with SHA-1 |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
|
||||
| | | | | | backtrace functions for powerpc |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
|
||||
| | | | | | function when expanding ~user |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
|
||||
| | | | | | ISO-2022-JP-3 gconv module |
|
||||
| | | | | | related to combining characters |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
|
||||
| | | | | | iconv when processing invalid |
|
||||
| | | | | | multi-byte input sequences in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-10029 | | | | glibc: stack corruption |
|
||||
| | | | | | from crafted input in cosl, |
|
||||
| | | | | | sinl, sincosl, and tanl... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-27618 | | | | glibc: iconv when processing |
|
||||
| | | | | | invalid multi-byte input |
|
||||
| | | | | | sequences fails to advance the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
|
||||
| | | | | | when invoked with the -c option |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
|
||||
| | | | | | not ignored in setuid binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-6096 | | | | glibc: signed comparison |
|
||||
| | | | | | vulnerability in the |
|
||||
| | | | | | ARMv7 memcpy function |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
|
||||
| | | | | | addgetnetgrentX function |
|
||||
| | | | | | in netgroupcache.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
|
||||
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
|
||||
| | | | | | backtrace functions for powerpc |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
|
||||
| | | | | | function when expanding ~user |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
|
||||
| | | | | | ISO-2022-JP-3 gconv module |
|
||||
| | | | | | related to combining characters |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
|
||||
| | | | | | iconv when processing invalid |
|
||||
| | | | | | multi-byte input sequences in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-10029 | | | | glibc: stack corruption |
|
||||
| | | | | | from crafted input in cosl, |
|
||||
| | | | | | sinl, sincosl, and tanl... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-27618 | | | | glibc: iconv when processing |
|
||||
| | | | | | invalid multi-byte input |
|
||||
| | | | | | sequences fails to advance the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
|
||||
| | | | | | when invoked with the -c option |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
|
||||
| | | | | | not ignored in setuid binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-6096 | | | | glibc: signed comparison |
|
||||
| | | | | | vulnerability in the |
|
||||
| | | | | | ARMv7 memcpy function |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
|
||||
| | | | | | addgetnetgrentX function |
|
||||
| | | | | | in netgroupcache.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
|
||||
| | | | | | TLS not properly enforced |
|
||||
| | | | | | for IMAP, POP3, and... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
|
||||
| | | | | | received before STARTTLS |
|
||||
| | | | | | processed after TLS handshake |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
|
||||
| | | | | | contents disclosure |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22922 | | | | curl: Content not matching hash |
|
||||
| | | | | | in Metalink is not being discarded |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22923 | | | | curl: Metalink download |
|
||||
| | | | | | sends credentials |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
|
||||
| | | | | | due to flawed path name checks |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal |
|
||||
| | | | | | encryption because it lacks |
|
||||
| | | | | | exponent blinding to address a... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack |
|
||||
| | | | | | allowing private key leak |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
|
||||
| | | | | | doesn't have semantic security due |
|
||||
| | | | | | to incorrectly encoded plaintexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant |
|
||||
| | | | | | buffer overflow via crafted input |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext |
|
||||
| | | | | | attack against SSL/TLS (BEAST) |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
|
||||
| | | | | | fails to perform the roundtrip |
|
||||
| | | | | | checks specified in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword |
|
||||
| | | | | | mode cipherstring parsing |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
|
||||
| | | | | | via PID file manipulation |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-17740 | | | | openldap: |
|
||||
| | | | | | contrib/slapd-modules/nops/nops.c |
|
||||
| | | | | | attempts to free stack buffer |
|
||||
| | | | | | allowing remote attackers to cause... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-15719 | | | | openldap: Certificate |
|
||||
| | | | | | validation incorrectly |
|
||||
| | | | | | matches name against CN-ID |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword |
|
||||
| | | | | | mode cipherstring parsing |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
|
||||
| | | | | | via PID file manipulation |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-17740 | | | | openldap: |
|
||||
| | | | | | contrib/slapd-modules/nops/nops.c |
|
||||
| | | | | | attempts to free stack buffer |
|
||||
| | | | | | allowing remote attackers to cause... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-15719 | | | | openldap: Certificate |
|
||||
| | | | | | validation incorrectly |
|
||||
| | | | | | matches name against CN-ID |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer |
|
||||
| | | | | | overflow in LZ4_write32 |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+ + + +---------------+ +
|
||||
| libncursesw6 | | | | | |
|
||||
| | | | | | |
|
||||
| | | | | | |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS |
|
||||
| | | | | | frames can lead to DoS |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when |
|
||||
| | | | | | parsing callout numeric arguments |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the |
|
||||
| | | | | | match function in pcre_exec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-16231 | | | | pcre: self-recursive call |
|
||||
| | | | | | in match() in pcre_exec.c |
|
||||
| | | | | | leads to denial of service... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
|
||||
| | | | | | when UTF is disabled and \X or... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation |
|
||||
| | | | | | of syscall filters in libseccomp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
|
||||
| | | | | | cil_reset_classpermission() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
|
||||
| | | | | | overflow in ebitmap_match_any() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in |
|
||||
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|
||||
| | | | | | in kex.c leads to out-of-bounds write |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in |
|
||||
| | | | | | SSH_MSG_DISCONNECT logic in packet.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser |
|
||||
| | | | | | can create SUID/SGID binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
|
||||
| | | | | | can get new privileges and |
|
||||
| | | | | | create SGID binaries... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
|
||||
| | | | | | in login/logind-button.c when |
|
||||
| | | | | | udev events are received... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
|
||||
| | | | | | usernames beginning with decimal |
|
||||
| | | | | | digits or 0x followed by... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
|
||||
| | | | | | _asn1_expand_object_id(ptree) |
|
||||
| | | | | | leads to memory exhaustion |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser |
|
||||
| | | | | | can create SUID/SGID binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
|
||||
| | | | | | can get new privileges and |
|
||||
| | | | | | create SGID binaries... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
|
||||
| | | | | | in login/logind-button.c when |
|
||||
| | | | | | udev events are received... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
|
||||
| | | | | | usernames beginning with decimal |
|
||||
| | | | | | digits or 0x followed by... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
|
||||
| | | | | | allows unprivileged user to |
|
||||
| | | | | | drop supplementary groups |
|
||||
| | | | | | potentially allowing privilege... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
|
||||
| | | | | | allows unprivileged user to |
|
||||
| | | | | | drop supplementary groups |
|
||||
| | | | | | potentially allowing privilege... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
|
||||
| | | | | | temporary file handling |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user |
|
||||
| | | | | | when extracting setuid or setgid... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
|
||||
| | | | | | in pax_decode_header in sparse.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-20193 | | | | tar: Memory leak in |
|
||||
| | | | | | read_header() in list.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
|
||||
opt/bitnami/common/bin/gosu (gobinary)
|
||||
======================================
|
||||
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
```
|
||||
|
|
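Review bot: The rows that close this scan table (openssl, passwd, perl-base, tar, util-linux) all leave the column between the installed version and the title empty, so the committed report lists findings with no fix to move to and no record of whether anyone assessed them. Consider adding a short triage line under the code fence, at least for the MEDIUM entry perl-base CVE-2020-16156, saying whether the image is affected, or filtering findings without a fix out of the generated file so the actionable ones stand out.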
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
|
||||
generated: "2021-12-03T14:13:00.244717564Z"
|
Binary file not shown.
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="postgresql-6.0.18"></a>
|
||||
### [postgresql-6.0.18](https://github.com/truecharts/apps/compare/postgresql-6.0.17...postgresql-6.0.18) (2021-12-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452))
|
||||
|
||||
|
||||
|
||||
<a name="postgresql-6.0.17"></a>
|
||||
### [postgresql-6.0.17](https://github.com/truecharts/apps/compare/postgresql-6.0.16...postgresql-6.0.17) (2021-12-03)
|
||||
|
||||
|
@ -88,12 +97,3 @@
|
|||
<a name="postgresql-6.0.6"></a>
|
||||
### [postgresql-6.0.6](https://github.com/truecharts/apps/compare/postgresql-6.0.5...postgresql-6.0.6) (2021-11-22)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380))
|
||||
|
||||
|
||||
|
||||
<a name="postgresql-6.0.4"></a>
|
||||
### [postgresql-6.0.4](https://github.com/truecharts/apps/compare/postgresql-6.0.3...postgresql-6.0.4) (2021-11-18)
|
||||
|
|
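Review bot: Going by the header (-88,12 +97,3), only the first three lines of this hunk survive, so the changelog now ends on the postgresql-6.0.6 heading with its "Chore" entry (#1380) cut off. If the generator caps the file length, have it cut on an entry boundary so that the last heading is either kept with its body or dropped with it.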
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.10
|
||||
digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc
|
||||
generated: "2021-12-03T19:49:04.037663516Z"
|
|
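Review bot: The `digest` in this recreated lock file is the same value in the promtail lock file later in this commit, which fits how Helm computes it: from the dependency entries, not from the packaged chart. It therefore only shows that Chart.yaml and Chart.lock agree on common 8.9.10 and says nothing about the binary file committed alongside it. If the release process relies on this field for integrity, add a separate checksum or provenance check on the vendored archive.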
@ -3,7 +3,7 @@ appVersion: "14.1.0"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
version: 8.9.10
|
||||
deprecated: false
|
||||
description: PostgresSQL
|
||||
home: https://github.com/truecharts/apps/tree/master/stable/postgres
|
||||
|
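Review bot: Two context lines in this Chart.yaml hunk look stale next to the bumped dependency: `description: PostgresSQL` is misspelled (PostgreSQL), and `home` points at `stable/postgres` while the chart is named `postgresql` in the next hunk header and in the changelog compare links. Worth correcting in the chart source so that generated releases carry the right metadata and a working link.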
@ -22,7 +22,7 @@ name: postgresql
|
|||
sources:
|
||||
- https://www.postgresql.org/
|
||||
type: application
|
||||
version: 6.0.17
|
||||
version: 6.0.18
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- database
|
|
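Review bot: The annotation key `truecharts.org/catagories` in the context below the version bump is a misspelling of "categories". Anything that reads the annotation has to match this exact spelling, so a rename belongs in a coordinated change across the charts and their consumers rather than in this release commit; a tracking issue would be enough here.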
@ -17,7 +17,7 @@ Kubernetes: `>=1.16.0-0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.9.7 |
|
||||
| https://truecharts.org | common | 8.9.10 |
|
||||
|
||||
## Installing the Chart
|
||||
|
Binary file not shown.
File diff suppressed because it is too large
|
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
|
||||
generated: "2021-12-03T14:13:32.70150928Z"
|
Binary file not shown.
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="promtail-1.0.6"></a>
|
||||
### [promtail-1.0.6](https://github.com/truecharts/apps/compare/promtail-1.0.5...promtail-1.0.6) (2021-12-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452))
|
||||
|
||||
|
||||
|
||||
<a name="promtail-1.0.5"></a>
|
||||
### [promtail-1.0.5](https://github.com/truecharts/apps/compare/promtail-1.0.4...promtail-1.0.5) (2021-12-03)
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.10
|
||||
digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc
|
||||
generated: "2021-12-03T19:50:04.789607888Z"
|
|
@ -3,7 +3,7 @@ appVersion: "2.4.1"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
version: 8.9.10
|
||||
deprecated: false
|
||||
description: Promtail is an agent which ships the contents of local logs to a Loki instance
|
||||
icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
|
||||
|
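Review bot: The `icon` context line in this hunk loads from `raw.githubusercontent.com/grafana/loki/master/...`, a branch reference whose content can change or disappear without any change to the chart. Pointing it at a tag or commit, or at a copy the project hosts itself, keeps the catalogue entry stable across releases.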
@ -22,7 +22,7 @@ sources:
|
|||
- https://grafana.com/oss/loki/
|
||||
- https://grafana.com/docs/loki/latest/
|
||||
type: application
|
||||
version: 1.0.5
|
||||
version: 1.0.6
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- metrics
|
|
@ -19,7 +19,7 @@ Kubernetes: `>=1.16.0-0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.9.7 |
|
||||
| https://truecharts.org | common | 8.9.10 |
|
||||
|
||||
## Installing the Chart
|
||||
|
Binary file not shown.
|
@ -0,0 +1,545 @@
|
|||
# Security Scan
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
```
|
||||
2021-12-03T19:50:27.019Z [34mINFO[0m Detected config files: 1
|
||||
|
||||
promtail/templates/common.yaml (kubernetes)
|
||||
===========================================
|
||||
Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0)
|
||||
Failures: 13 (UNKNOWN: 0, LOW: 4, MEDIUM: 9, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Container 'RELEASE-NAME-promtail' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.runAsNonRoot' to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv012 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.runAsNonRoot' to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv012 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-promtail' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-promtail' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-promtail' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV014 | Root file system is not read-only | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.readOnlyRootFilesystem' |
|
||||
| | | | | to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv014 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-promtail' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-promtail' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | Deployment 'RELEASE-NAME-promtail' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-promtail' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-promtail' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of Deployment |
|
||||
| | | | | 'RELEASE-NAME-promtail' should set |
|
||||
| | | | | 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV023 | hostPath volumes mounted | | Deployment 'RELEASE-NAME-promtail' |
|
||||
| | | | | should not set |
|
||||
| | | | | 'spec.template.volumes.hostPath' |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv023 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV029 | A root primary or supplementary GID set | LOW | Deployment 'RELEASE-NAME-promtail' should |
|
||||
| | | | | set 'spec.securityContext.runAsGroup', |
|
||||
| | | | | 'spec.securityContext.supplementalGroups[*]' |
|
||||
| | | | | and 'spec.securityContext.fsGroup' |
|
||||
| | | | | to integer greater than 0 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv029 |
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
```
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4
|
||||
|
||||
##### Scan Results
|
||||
|
||||
**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
|
||||
|
||||
```
|
||||
2021-12-03T19:50:28.083Z [34mINFO[0m Detected OS: alpine
|
||||
2021-12-03T19:50:28.083Z [34mINFO[0m Detecting Alpine vulnerabilities...
|
||||
2021-12-03T19:50:28.087Z [34mINFO[0m Number of language-specific files: 0
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
=========================================================================================================================
|
||||
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
|
||||
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+ +---------------+---------------------------------------+
|
||||
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
```
|
||||
|
||||
**Container: tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4**
|
||||
|
||||
```
|
||||
2021-12-03T19:50:31.667Z [34mINFO[0m Detected OS: debian
|
||||
2021-12-03T19:50:31.667Z [34mINFO[0m Detecting Debian vulnerabilities...
|
||||
2021-12-03T19:50:31.681Z [34mINFO[0m Number of language-specific files: 1
|
||||
2021-12-03T19:50:31.681Z [34mINFO[0m Detecting gobinary vulnerabilities...
|
||||
|
||||
tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 (debian 11.1)
|
||||
========================================================================================================================
|
||||
Total: 65 (UNKNOWN: 0, LOW: 60, MEDIUM: 1, HIGH: 2, CRITICAL: 2)
|
||||
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| apt | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged |
|
||||
| | | | | | session can escape to the |
|
||||
| | | | | | parent session in chroot |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2017-18018 | | | | coreutils: race condition |
|
||||
| | | | | | vulnerability in chown and chgrp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libapt-pkg6.0 | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+----------+ +---------------+-----------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2021-43396 | | | | glibc: conversion from |
|
||||
| | | | | | ISO-2022-JP-3 with iconv may |
|
||||
| | | | | | emit spurious NUL character on... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 |
|
||||
+------------------+------------------+----------+ +---------------+-----------------------------------------+
|
||||
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+----------+ +---------------+-----------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2021-43396 | | | | glibc: conversion from |
|
||||
| | | | | | ISO-2022-JP-3 with iconv may |
|
||||
| | | | | | emit spurious NUL character on... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal |
|
||||
| | | | | | encryption because it lacks |
|
||||
| | | | | | exponent blinding to address a... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
|
||||
+ +------------------+----------+ +---------------+-----------------------------------------+
|
||||
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
|
||||
| | | | | | doesn't have semantic security due |
|
||||
| | | | | | to incorrectly encoded plaintexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant |
|
||||
| | | | | | buffer overflow via crafted input |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext |
|
||||
| | | | | | attack against SSL/TLS (BEAST) |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+-----------------------------------------+
|
||||
| libk5crypto3 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+-----------------------------------------+
|
||||
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+-----------------------------------------+
|
||||
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the |
|
||||
| | | | | | match function in pcre_exec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2017-16231 | | | | pcre: self-recursive call |
|
||||
| | | | | | in match() in pcre_exec.c |
|
||||
| | | | | | leads to denial of service... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
|
||||
| | | | | | when UTF is disabled and \X or... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
|
||||
| | | | | | cil_reset_classpermission() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
|
||||
| | | | | | overflow in ebitmap_match_any() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libsystemd-dev | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+------------------+------------------+ + +---------------+-----------------------------------------+
|
||||
| libsystemd0 | CVE-2013-4392 | | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+ + + +---------------+ +
|
||||
| ncurses-bin | | | | | |
|
||||
| | | | | | |
|
||||
| | | | | | |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+-----------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
| perl-base | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
|
||||
+ +------------------+----------+ +---------------+-----------------------------------------+
|
||||
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
|
||||
| | | | | | temporary file handling |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
|
||||
+------------------+------------------+ +-------------------+---------------+-----------------------------------------+
|
||||
| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user |
|
||||
| | | | | | when extracting setuid or setgid... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
|
||||
+------------------+------------------+----------+-------------------+---------------+-----------------------------------------+
|
||||
|
||||
usr/bin/promtail (gobinary)
|
||||
===========================
|
||||
Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)
|
||||
|
||||
+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+
|
||||
| github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.5.4 | v1.4.11, v1.5.7 | containerd: insufficiently |
|
||||
| | | | | | restricted permissions on container |
|
||||
| | | | | | root and plugin directories |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-41103 |
|
||||
+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+
|
||||
| github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 | prometheus: Stored DOM |
|
||||
| | | | | | cross-site scripting (XSS) |
|
||||
| | | | | | attack via crafted URL |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3826 |
|
||||
+----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+
|
||||
```
|
||||
|
|
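Review bot: In the usr/bin/promtail (gobinary) table of this committed scan report, github.com/containerd/containerd is at v1.5.4 with CVE-2021-41103 (HIGH) and a listed fixed version of v1.4.11, v1.5.7, so a fix is available and this release is committed without it; track an image bump or record why the finding is accepted. The CVE-2019-3826 row matches github.com/prometheus/prometheus at pseudo-version v1.8.2-0.20211011171444-354d8d2ecfac against fixed version v2.7.1. The pseudo-version carries a 2021-10-11 commit timestamp, so that row looks like a version-comparison artifact and should be confirmed before it is triaged as a real exposure.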
@ -1,6 +0,0 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
|
||||
generated: "2021-12-03T14:14:05.026499062Z"
|
Binary file not shown.
|
@ -1,6 +1,15 @@
|
|||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="redis-1.0.22"></a>
|
||||
### [redis-1.0.22](https://github.com/truecharts/apps/compare/redis-1.0.21...redis-1.0.22) (2021-12-03)
|
||||
|
||||
#### Chore
|
||||
|
||||
* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452))
|
||||
|
||||
|
||||
|
||||
<a name="redis-1.0.21"></a>
|
||||
### [redis-1.0.21](https://github.com/truecharts/apps/compare/redis-1.0.20...redis-1.0.21) (2021-12-03)
|
||||
|
||||
|
@ -88,12 +97,3 @@
|
|||
<a name="redis-1.0.10"></a>
|
||||
### [redis-1.0.10](https://github.com/truecharts/apps/compare/redis-1.0.9...redis-1.0.10) (2021-11-22)
|
||||
|
||||
#### Chore
|
||||
|
||||
* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380))
|
||||
|
||||
|
||||
|
||||
<a name="redis-1.0.8"></a>
|
||||
### [redis-1.0.8](https://github.com/truecharts/apps/compare/redis-1.0.7...redis-1.0.8) (2021-11-18)
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.10
|
||||
digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc
|
||||
generated: "2021-12-03T19:51:06.979294002Z"
|
|
@ -3,7 +3,7 @@ appVersion: "6.2.6"
|
|||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.9.7
|
||||
version: 8.9.10
|
||||
deprecated: false
|
||||
description: Open source, advanced key-value store.
|
||||
home: https://github.com/truecharts/apps/tree/master/stable/redis
|
||||
|
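Review bot: The `common` dependency version in this hunk moves from 8.9.7 to 8.9.10, but the changelog entry added for redis-1.0.22 says only "bump common on dependency train" and the commit message says nothing more. Since `common` renders the templates that the security scan in this same commit evaluates, the changelog should state or link what changed in common between those two versions, so a reader can tell whether the bump affects the rendered securityContext settings.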
@ -22,7 +22,7 @@ sources:
|
|||
- https://github.com/bitnami/bitnami-docker-redis
|
||||
- http://redis.io/
|
||||
type: application
|
||||
version: 1.0.21
|
||||
version: 1.0.22
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- database
|
|
@ -18,7 +18,7 @@ Kubernetes: `>=1.16.0-0`
|
|||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://truecharts.org | common | 8.9.7 |
|
||||
| https://truecharts.org | common | 8.9.10 |
|
||||
|
||||
## Installing the Chart
|
||||
|
Binary file not shown.
|
@ -0,0 +1,892 @@
|
|||
# Security Scan
|
||||
|
||||
## Helm-Chart
|
||||
|
||||
##### Scan Results
|
||||
|
||||
```
|
||||
2021-12-03T19:51:28.440Z [34mINFO[0m Detected config files: 1
|
||||
|
||||
redis/templates/common.yaml (kubernetes)
|
||||
========================================
|
||||
Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0)
|
||||
Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE |
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' |
|
||||
| | | | | should add 'ALL' to |
|
||||
| | | | | 'securityContext.capabilities.drop' |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv003 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
|
||||
| | | | | set 'securityContext.runAsNonRoot' to |
|
||||
| | | | | true -->avd.aquasec.com/appshield/ksv012 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' |
|
||||
| | | | | should specify an image tag |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv013 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-redis' should set |
|
||||
| | | | | 'securityContext.readOnlyRootFilesystem' |
|
||||
| | | | | to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv014 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' |
|
||||
| | | | | of StatefulSet |
|
||||
| | | | | 'RELEASE-NAME-redis' should set |
|
||||
| | | | | 'securityContext.readOnlyRootFilesystem' |
|
||||
| | | | | to true |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv014 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' |
|
||||
| | | | | should specify a seccomp profile |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv019 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
|
||||
| | | | | set 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
|
||||
| | | | | set 'securityContext.runAsUser' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv020 |
|
||||
+ +------------+-----------------------------------------+ +----------------------------------------------+
|
||||
| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
|
||||
| | | | | set 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ + + + +----------------------------------------------+
|
||||
| | | | | Container 'autopermissions' of |
|
||||
| | | | | StatefulSet 'RELEASE-NAME-redis' should |
|
||||
| | | | | set 'securityContext.runAsGroup' > 10000 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv021 |
|
||||
+ +------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should |
|
||||
| | | | | set 'spec.securityContext.runAsGroup', |
|
||||
| | | | | 'spec.securityContext.supplementalGroups[*]' |
|
||||
| | | | | and 'spec.securityContext.fsGroup' |
|
||||
| | | | | to integer greater than 0 |
|
||||
| | | | | -->avd.aquasec.com/appshield/ksv029 |
|
||||
+---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+
|
||||
```
|
||||
|
||||
## Containers
|
||||
|
||||
##### Detected Containers
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae
|
||||
|
||||
##### Scan Results
|
||||
|
||||
**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c**
|
||||
|
||||
```
|
||||
2021-12-03T19:51:29.491Z [34mINFO[0m Detected OS: alpine
|
||||
2021-12-03T19:51:29.491Z [34mINFO[0m Detecting Alpine vulnerabilities...
|
||||
2021-12-03T19:51:29.495Z [34mINFO[0m Number of language-specific files: 0
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
=========================================================================================================================
|
||||
Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0)
|
||||
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+ +---------------+---------------------------------------+
|
||||
| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42379 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42380 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42381 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42382 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42383 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42384 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42385 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 |
|
||||
+ +------------------+ + + +---------------------------------------+
|
||||
| | CVE-2021-42386 | | | | busybox: use-after-free in |
|
||||
| | | | | | awk applet leads to denial |
|
||||
| | | | | | of service and possibly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 |
|
||||
+ +------------------+----------+ +---------------+---------------------------------------+
|
||||
| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read |
|
||||
| | | | | | in unlzma applet leads to |
|
||||
| | | | | | information leak and denial... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 |
|
||||
+ +------------------+ + +---------------+---------------------------------------+
|
||||
| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling |
|
||||
| | | | | | of a special element in |
|
||||
| | | | | | ash applet leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 |
|
||||
+------------+------------------+----------+-------------------+---------------+---------------------------------------+
|
||||
```
|
||||
|
||||
**Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae**
|
||||
|
||||
```
|
||||
2021-12-03T19:51:31.914Z [34mINFO[0m Detected OS: debian
|
||||
2021-12-03T19:51:31.914Z [34mINFO[0m Detecting Debian vulnerabilities...
|
||||
2021-12-03T19:51:31.930Z [34mINFO[0m Number of language-specific files: 2
|
||||
2021-12-03T19:51:31.930Z [34mINFO[0m Detecting gobinary vulnerabilities...
|
||||
|
||||
tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11)
|
||||
======================================================================================================================
|
||||
Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4)
|
||||
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not |
|
||||
| | | | | | equal to its real UID the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged |
|
||||
| | | | | | session can escape to the |
|
||||
| | | | | | parent session in chroot |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-18018 | | | | coreutils: race condition |
|
||||
| | | | | | vulnerability in chown and chgrp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
|
||||
| | | | | | TLS not properly enforced |
|
||||
| | | | | | for IMAP, POP3, and... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
|
||||
| | | | | | received before STARTTLS |
|
||||
| | | | | | processed after TLS handshake |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
|
||||
| | | | | | contents disclosure |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22922 | | | | curl: Content not matching hash |
|
||||
| | | | | | in Metalink is not being discarded |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22923 | | | | curl: Metalink download |
|
||||
| | | | | | sends credentials |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
|
||||
| | | | | | due to flawed path name checks |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification |
|
||||
| | | | | | Forgeries with SHA-1 |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, |
|
||||
| | | | | | all versions, do not correctly... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
|
||||
| | | | | | backtrace functions for powerpc |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
|
||||
| | | | | | function when expanding ~user |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
|
||||
| | | | | | ISO-2022-JP-3 gconv module |
|
||||
| | | | | | related to combining characters |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
|
||||
| | | | | | iconv when processing invalid |
|
||||
| | | | | | multi-byte input sequences in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-10029 | | | | glibc: stack corruption |
|
||||
| | | | | | from crafted input in cosl, |
|
||||
| | | | | | sinl, sincosl, and tanl... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-27618 | | | | glibc: iconv when processing |
|
||||
| | | | | | invalid multi-byte input |
|
||||
| | | | | | sequences fails to advance the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
|
||||
| | | | | | when invoked with the -c option |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
|
||||
| | | | | | not ignored in setuid binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-6096 | | | | glibc: signed comparison |
|
||||
| | | | | | vulnerability in the |
|
||||
| | | | | | ARMv7 memcpy function |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
|
||||
| | | | | | addgetnetgrentX function |
|
||||
| | | | | | in netgroupcache.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
|
||||
+------------------+------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does |
|
||||
| | | | | | not handle separately |
|
||||
| | | | | | allocated thread attributes |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1751 | HIGH | | | glibc: array overflow in |
|
||||
| | | | | | backtrace functions for powerpc |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-1752 | | | | glibc: use-after-free in glob() |
|
||||
| | | | | | function when expanding ~user |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-3326 | | | | glibc: Assertion failure in |
|
||||
| | | | | | ISO-2022-JP-3 gconv module |
|
||||
| | | | | | related to combining characters |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in |
|
||||
| | | | | | iconv when processing invalid |
|
||||
| | | | | | multi-byte input sequences in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-10029 | | | | glibc: stack corruption |
|
||||
| | | | | | from crafted input in cosl, |
|
||||
| | | | | | sinl, sincosl, and tanl... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-27618 | | | | glibc: iconv when processing |
|
||||
| | | | | | invalid multi-byte input |
|
||||
| | | | | | sequences fails to advance the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-4756 | LOW | | | glibc: glob implementation |
|
||||
| | | | | | can cause excessive CPU and |
|
||||
| | | | | | memory consumption due to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2016-10228 | | | | glibc: iconv program can hang |
|
||||
| | | | | | when invoked with the -c option |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
|
||||
| | | | | | leads to code execution because of... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
|
||||
| | | | | | cache of thread stack and heap |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
|
||||
| | | | | | addresses of pthread_created thread |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC |
|
||||
| | | | | | not ignored in setuid binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
|
||||
| | | | | | function check_dst_limits_calc_pos_1 |
|
||||
| | | | | | in posix/regexec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-6096 | | | | glibc: signed comparison |
|
||||
| | | | | | vulnerability in the |
|
||||
| | | | | | ARMv7 memcpy function |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-27645 | | | | glibc: Use-after-free in |
|
||||
| | | | | | addgetnetgrentX function |
|
||||
| | | | | | in netgroupcache.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use |
|
||||
| | | | | | TLS not properly enforced |
|
||||
| | | | | | for IMAP, POP3, and... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22947 | MEDIUM | | | curl: Server responses |
|
||||
| | | | | | received before STARTTLS |
|
||||
| | | | | | processed after TLS handshake |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22898 | LOW | | | curl: TELNET stack |
|
||||
| | | | | | contents disclosure |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22922 | | | | curl: Content not matching hash |
|
||||
| | | | | | in Metalink is not being discarded |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22923 | | | | curl: Metalink download |
|
||||
| | | | | | sends credentials |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-22924 | | | | curl: Bad connection reuse |
|
||||
| | | | | | due to flawed path name checks |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal |
|
||||
| | | | | | encryption because it lacks |
|
||||
| | | | | | exponent blinding to address a... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack |
|
||||
| | | | | | allowing private key leak |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation |
|
||||
| | | | | | doesn't have semantic security due |
|
||||
| | | | | | to incorrectly encoded plaintexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant |
|
||||
| | | | | | buffer overflow via crafted input |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext |
|
||||
| | | | | | attack against SSL/TLS (BEAST) |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 |
|
||||
| | | | | | fails to perform the roundtrip |
|
||||
| | | | | | checks specified in... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libkrb5-3 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libkrb5support0 | CVE-2004-0971 | | | | security flaw |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-5709 | | | | krb5: integer overflow |
|
||||
| | | | | | in dbentry->n_key_data |
|
||||
| | | | | | in kadmin/dbutil/dump.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword |
|
||||
| | | | | | mode cipherstring parsing |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
|
||||
| | | | | | via PID file manipulation |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-17740 | | | | openldap: |
|
||||
| | | | | | contrib/slapd-modules/nops/nops.c |
|
||||
| | | | | | attempts to free stack buffer |
|
||||
| | | | | | allowing remote attackers to cause... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-15719 | | | | openldap: Certificate |
|
||||
| | | | | | validation incorrectly |
|
||||
| | | | | | matches name against CN-ID |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
|
||||
+------------------+------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword |
|
||||
| | | | | | mode cipherstring parsing |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-14159 | | | | openldap: Privilege escalation |
|
||||
| | | | | | via PID file manipulation |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-17740 | | | | openldap: |
|
||||
| | | | | | contrib/slapd-modules/nops/nops.c |
|
||||
| | | | | | attempts to free stack buffer |
|
||||
| | | | | | allowing remote attackers to cause... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-15719 | | | | openldap: Certificate |
|
||||
| | | | | | validation incorrectly |
|
||||
| | | | | | matches name against CN-ID |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer |
|
||||
| | | | | | overflow in LZ4_write32 |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+ + + +---------------+ +
|
||||
| libncursesw6 | | | | | |
|
||||
| | | | | | |
|
||||
| | | | | | |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS |
|
||||
| | | | | | frames can lead to DoS |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when |
|
||||
| | | | | | parsing callout numeric arguments |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the |
|
||||
| | | | | | match function in pcre_exec.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-16231 | | | | pcre: self-recursive call |
|
||||
| | | | | | in match() in pcre_exec.c |
|
||||
| | | | | | leads to denial of service... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow |
|
||||
| | | | | | write in pcre32_copy_substring |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT |
|
||||
| | | | | | when UTF is disabled and \X or... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation |
|
||||
| | | | | | of syscall filters in libseccomp |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36085 | | | | libsepol: use-after-free in |
|
||||
| | | | | | __cil_verify_classperms() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36086 | | | | libsepol: use-after-free in |
|
||||
| | | | | | cil_reset_classpermission() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-36087 | | | | libsepol: heap-based buffer |
|
||||
| | | | | | overflow in ebitmap_match_any() |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in |
|
||||
| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange |
|
||||
| | | | | | in kex.c leads to out-of-bounds write |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in |
|
||||
| | | | | | SSH_MSG_DISCONNECT logic in packet.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack |
|
||||
| | | | | | protection address in cfgexpand.c |
|
||||
| | | | | | and function.c leads to... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic |
|
||||
| | | | | | produces repeated output |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser |
|
||||
| | | | | | can create SUID/SGID binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
|
||||
| | | | | | can get new privileges and |
|
||||
| | | | | | create SGID binaries... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
|
||||
| | | | | | in login/logind-button.c when |
|
||||
| | | | | | udev events are received... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
|
||||
| | | | | | usernames beginning with decimal |
|
||||
| | | | | | digits or 0x followed by... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in |
|
||||
| | | | | | _asn1_expand_object_id(ptree) |
|
||||
| | | | | | leads to memory exhaustion |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser |
|
||||
| | | | | | can create SUID/SGID binaries |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-3844 | | | | systemd: services with DynamicUser |
|
||||
| | | | | | can get new privileges and |
|
||||
| | | | | | create SGID binaries... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition |
|
||||
| | | | | | when updating file permissions |
|
||||
| | | | | | and SELinux security contexts... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-20386 | | | | systemd: memory leak in button_open() |
|
||||
| | | | | | in login/logind-button.c when |
|
||||
| | | | | | udev events are received... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW |
|
||||
| | | | | | authentication not implemented |
|
||||
| | | | | | can cause a system running the... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2020-13776 | | | | systemd: Mishandles numerical |
|
||||
| | | | | | usernames beginning with decimal |
|
||||
| | | | | | digits or 0x followed by... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
|
||||
| | | | | | allows unprivileged user to |
|
||||
| | | | | | drop supplementary groups |
|
||||
| | | | | | potentially allowing privilege... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow |
|
||||
| | | | | | in _nc_captoinfo() in captoinfo.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo |
|
||||
| | | | | | random number generator |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 |
|
||||
| | | | | | sets insecure permissions for |
|
||||
| | | | | | the /var/log/btmp file,... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race |
|
||||
| | | | | | conditions by copying and |
|
||||
| | | | | | removing directory trees |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2018-7169 | | | | shadow-utils: newgidmap |
|
||||
| | | | | | allows unprivileged user to |
|
||||
| | | | | | drop supplementary groups |
|
||||
| | | | | | potentially allowing privilege... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-19882 | | | | shadow-utils: local users can |
|
||||
| | | | | | obtain root access because setuid |
|
||||
| | | | | | programs are misconfigured... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 |
|
||||
+ +------------------+----------+ +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure |
|
||||
| | | | | | temporary file handling |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user |
|
||||
| | | | | | when extracting setuid or setgid... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2019-9923 | | | | tar: null-pointer dereference |
|
||||
| | | | | | in pax_decode_header in sparse.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 |
|
||||
+ +------------------+ + +---------------+--------------------------------------------------------------+
|
||||
| | CVE-2021-20193 | | | | tar: Memory leak in |
|
||||
| | | | | | read_header() in list.c |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 |
|
||||
+------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+
|
||||
| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow |
|
||||
| | | | | | can lead to buffer overflow |
|
||||
| | | | | | in get_sem_elements() in |
|
||||
| | | | | | sys-utils/ipcutils.c... |
|
||||
| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 |
|
||||
+------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+
|
||||
|
||||
opt/bitnami/common/bin/gosu (gobinary)
|
||||
======================================
|
||||
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
|
||||
opt/bitnami/common/bin/wait-for-port (gobinary)
|
||||
===============================================
|
||||
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
|
||||
|
||||
```
|
||||
|
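Review bot: the rows marked HIGH near the end of this report (libstdc++6 CVE-2018-12886 at 8.3.0-6, libudev1 CVE-2019-3843 at 241-7~deb10u8) have the column after the installed version left empty, and nothing in the committed file says whether these findings are accepted, awaiting an upstream fix, or untriaged. Suggest committing a short triage note or an ignore list with a justification next to the report, so a reader can tell a known finding from a new one. The libsystemd0 and libudev1 blocks also repeat the same systemd CVEs line for line, as do login/passwd and libuuid1/mount/util-linux. Grouping findings by source package in the generated output would make the report shorter and the per-release diffs easier to review.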