TrueChartsClone/charts/stable/komga/security.md

137 lines
73 KiB
Markdown
Raw Normal View History

---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: komga/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-komga&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-komga&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-komga&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment &#39;RELEASE-NAME-komga&#39; should not set &#39;spec.template.volumes.hostPath&#39; </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-komga&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/komga:v0.153.1@sha256:4c6a79a3c63d87631ecf9237d5857e0ef0fb7c8b80b9a26f5f483aeccb9abb15
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| No Vulnerabilities found |
|:---------------------------------|
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| No Vulnerabilities found |
|:---------------------------------|
#### Container: tccr.io/truecharts/komga:v0.153.1@sha256:4c6a79a3c63d87631ecf9237d5857e0ef0fb7c8b80b9a26f5f483aeccb9abb15 (ubuntu 20.04)
**ubuntu**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html">http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276</a><br><a href="https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff">https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff</a><br><a href="https://linux.oracle.com/cve/CVE-2019-18276.html">https://linux.oracle.com/cve/CVE-2019-18276.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-1679.html">https://linux.oracle.com/errata/ELSA-2021-1679.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://security.gentoo.org/glsa/202105-34">https://security.gentoo.org/glsa/202105-34</a><br><a href="https://security.netapp.com/advisory/ntap-20200430-0003/">https://security.netapp.com/advisory/ntap-20200430-0003/</a><br><a href="https://www.youtube.com/watch?v=-wGtxJ8opa8">https://www.youtube.com/watch?v=-wGtxJ8opa8</a><br></details> |
| coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | | <details><summary>Expand...</summary><a href="http://seclists.org/oss-sec/2016/q1/452">http://seclists.org/oss-sec/2016/q1/452</a><br><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a><br><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://lore.kernel.org/patchwork/patch/793178/">https://lore.kernel.org/patchwork/patch/793178/</a><br></details> |
| libasn1-8-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libexpat1 | CVE-2022-25313 | MEDIUM | 2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.4 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">http://www.openwall.com/lists/oss-security/2022/02/19/1</a><br><a href="https://blog.hartwork.org/posts/expat-2-4-5-released/">https://blog.hartwork.org/posts/expat-2-4-5-released/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25313</a><br><a href="https://github.com/libexpat/libexpat/pull/558">https://github.com/libexpat/libexpat/pull/558</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/</a><br><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">https://security.netapp.com/advisory/ntap-20220303-0008/</a><br><a href="https://ubuntu.com/security/notices/USN-5320-1">https://ubuntu.com/security/notices/USN-5320-1</a><br><a href="https://www.debian.org/security/2022/dsa-5085">https://www.debian.org/security/2022/dsa-5085</a><br></details> |
| libexpat1 | CVE-2022-25314 | MEDIUM | 2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.4 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">http://www.openwall.com/lists/oss-security/2022/02/19/1</a><br><a href="https://blog.hartwork.org/posts/expat-2-4-5-released/">https://blog.hartwork.org/posts/expat-2-4-5-released/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25314</a><br><a href="https://github.com/libexpat/libexpat/pull/560">https://github.com/libexpat/libexpat/pull/560</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/</a><br><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">https://security.netapp.com/advisory/ntap-20220303-0008/</a><br><a href="https://ubuntu.com/security/notices/USN-5320-1">https://ubuntu.com/security/notices/USN-5320-1</a><br><a href="https://www.debian.org/security/2022/dsa-5085">https://www.debian.org/security/2022/dsa-5085</a><br></details> |
| libexpat1 | CVE-2022-25315 | MEDIUM | 2.2.9-1ubuntu0.2 | 2.2.9-1ubuntu0.4 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/02/19/1">http://www.openwall.com/lists/oss-security/2022/02/19/1</a><br><a href="https://blog.hartwork.org/posts/expat-2-4-5-released/">https://blog.hartwork.org/posts/expat-2-4-5-released/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25315</a><br><a href="https://github.com/libexpat/libexpat/pull/559">https://github.com/libexpat/libexpat/pull/559</a><br><a href="https://linux.oracle.com/cve/CVE-2022-25315.html">https://linux.oracle.com/cve/CVE-2022-25315.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0951.html">https://linux.oracle.com/errata/ELSA-2022-0951.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/</a><br><a href="https://security.netapp.com/advisory/ntap-20220303-0008/">https://security.netapp.com/advisory/ntap-20220303-0008/</a><br><a href="https://ubuntu.com/security/notices/USN-5320-1">https://ubuntu.com/security/notices/USN-5320-1</a><br><a href="https://www.debian.org/security/2022/dsa-5085">https://www.debian.org/security/2022/dsa-5085</a><br></details> |
| libgmp10 | CVE-2021-43618 | LOW | 2:6.2.0+dfsg-4 | | <details><summary>Expand...</summary><a href="https://bugs.debian.org/994405">https://bugs.debian.org/994405</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618</a><br><a href="https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html">https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html</a><br><a href="https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e">https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html</a><br></details> |
| libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libgssapi3-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libhcrypto4-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libheimbase1-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libheimntlm0-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libhx509-5-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libk5crypto3 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libkrb5-26-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libkrb5-3 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libkrb5support0 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libkrb5support0 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12build1 | | <details><summary>Expand...</summary><a href="http://openwall.com/lists/oss-security/2017/07/11/3">http://openwall.com/lists/oss-security/2017/07/11/3</a><br><a href="http://www.securityfocus.com/bid/99575">http://www.securityfocus.com/bid/99575</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12build1 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
| libpcre3 | CVE-2020-14155 | LOW | 2:8.39-12build1 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/">https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155</a><br><a href="https://linux.oracle.com/cve/CVE-2020-14155.html">https://linux.oracle.com/cve/CVE-2020-14155.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
| libroken18-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libsepol1 | CVE-2021-36084 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36085 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36086 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086</a><br><a href="https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8">https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36086.html">https://linux.oracle.com/cve/CVE-2021-36086.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36087 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087</a><br><a href="https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521">https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36087.html">https://linux.oracle.com/cve/CVE-2021-36087.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br><a href="https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/">https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/</a><br></details> |
| libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/HT211168">https://support.apple.com/HT211168</a><br><a href="https://support.apple.com/HT211170">https://support.apple.com/HT211170</a><br><a href="https://support.apple.com/HT211171">https://support.apple.com/HT211171</a><br><a href="https://support.apple.com/HT211175">https://support.apple.com/HT211175</a><br><a href="https://support.apple.com/HT211178">https://support.apple.com/HT211178</a><br><a href="https://support.apple.com/HT211179">https://support.apple.com/HT211179</a><br><a href="https://support.apple.com/HT211181">https://support.apple.com/HT211181</a><br><a href="https://vuldb.com/?id.155768">https://vuldb.com/?id.155768</a><br></details> |
| libsqlite3-0 | CVE-2020-9849 | LOW | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/en-us/HT211843">https://support.apple.com/en-us/HT211843</a><br><a href="https://support.apple.com/en-us/HT211844">https://support.apple.com/en-us/HT211844</a><br><a href="https://support.apple.com/en-us/HT211850">https://support.apple.com/en-us/HT211850</a><br><a href="https://support.apple.com/en-us/HT211931">https://support.apple.com/en-us/HT211931</a><br><a href="https://support.apple.com/en-us/HT211935">https://support.apple.com/en-us/HT211935</a><br><a href="https://support.apple.com/en-us/HT211952">https://support.apple.com/en-us/HT211952</a><br><a href="https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/">https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/</a><br></details> |
| libsqlite3-0 | CVE-2020-9991 | LOW | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/en-us/HT211843">https://support.apple.com/en-us/HT211843</a><br><a href="https://support.apple.com/en-us/HT211844">https://support.apple.com/en-us/HT211844</a><br><a href="https://support.apple.com/en-us/HT211847">https://support.apple.com/en-us/HT211847</a><br><a href="https://support.apple.com/en-us/HT211850">https://support.apple.com/en-us/HT211850</a><br><a href="https://support.apple.com/en-us/HT211931">https://support.apple.com/en-us/HT211931</a><br><a href="https://support.apple.com/kb/HT211846">https://support.apple.com/kb/HT211846</a><br><a href="https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/">https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/</a><br></details> |
| libsqlite3-0 | CVE-2021-36690 | LOW | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36690">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36690</a><br><a href="https://www.oracle.com/security-alerts/cpujan2022.html">https://www.oracle.com/security-alerts/cpujan2022.html</a><br><a href="https://www.sqlite.org/forum/forumpost/718c0a8d17">https://www.sqlite.org/forum/forumpost/718c0a8d17</a><br></details> |
| libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1f-1ubuntu2.10 | 1.1.1f-1ubuntu2.12 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246</a><br><a href="https://linux.oracle.com/cve/CVE-2022-0778.html">https://linux.oracle.com/cve/CVE-2022-0778.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-9246.html">https://linux.oracle.com/errata/ELSA-2022-9246.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002</a><br><a href="https://security.netapp.com/advisory/ntap-20220321-0002/">https://security.netapp.com/advisory/ntap-20220321-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5328-1">https://ubuntu.com/security/notices/USN-5328-1</a><br><a href="https://ubuntu.com/security/notices/USN-5328-2">https://ubuntu.com/security/notices/USN-5328-2</a><br><a href="https://www.debian.org/security/2022/dsa-5103">https://www.debian.org/security/2022/dsa-5103</a><br><a href="https://www.openssl.org/news/secadv/20220315.txt">https://www.openssl.org/news/secadv/20220315.txt</a><br></details> |
| libtasn1-6 | CVE-2018-1000654 | LOW | 4.16.0-2 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html">http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html">http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html</a><br><a href="http://www.securityfocus.com/bid/105151">http://www.securityfocus.com/bid/105151</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000654</a><br><a href="https://gitlab.com/gnutls/libtasn1/issues/4">https://gitlab.com/gnutls/libtasn1/issues/4</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libwind0-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| login | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/cve-2013-4235">https://access.redhat.com/security/cve/cve-2013-4235</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">https://security-tracker.debian.org/tracker/CVE-2013-4235</a><br></details> |
| openssl | CVE-2022-0778 | HIGH | 1.1.1f-1ubuntu2.10 | 1.1.1f-1ubuntu2.12 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83</a><br><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246</a><br><a href="https://linux.oracle.com/cve/CVE-2022-0778.html">https://linux.oracle.com/cve/CVE-2022-0778.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-9246.html">https://linux.oracle.com/errata/ELSA-2022-9246.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html">https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/</a><br><a href="https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002">https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002</a><br><a href="https://security.netapp.com/advisory/ntap-20220321-0002/">https://security.netapp.com/advisory/ntap-20220321-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5328-1">https://ubuntu.com/security/notices/USN-5328-1</a><br><a href="https://ubuntu.com/security/notices/USN-5328-2">https://ubuntu.com/security/notices/USN-5328-2</a><br><a href="https://www.debian.org/security/2022/dsa-5103">https://www.debian.org/security/2022/dsa-5103</a><br><a href="https://www.openssl.org/news/secadv/20220315.txt">https://www.openssl.org/news/secadv/20220315.txt</a><br></details> |
| passwd | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/cve-2013-4235">https://access.redhat.com/security/cve/cve-2013-4235</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">https://security-tracker.debian.org/tracker/CVE-2013-4235</a><br></details> |
| perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html</a><br><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156</a><br><a href="https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c">https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/</a><br><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">https://metacpan.org/pod/distribution/CPAN/scripts/cpan</a><br></details> |
| tar | CVE-2021-20193 | LOW | 1.30+dfsg-7ubuntu0.20.04.1 | 1.30+dfsg-7ubuntu0.20.04.2 | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1917565">https://bugzilla.redhat.com/show_bug.cgi?id=1917565</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193</a><br><a href="https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777">https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777</a><br><a href="https://savannah.gnu.org/bugs/?59897">https://savannah.gnu.org/bugs/?59897</a><br><a href="https://security.gentoo.org/glsa/202105-29">https://security.gentoo.org/glsa/202105-29</a><br><a href="https://ubuntu.com/security/notices/USN-5329-1">https://ubuntu.com/security/notices/USN-5329-1</a><br></details> |
| zlib1g | CVE-2018-25032 | MEDIUM | 1:1.2.11.dfsg-2ubuntu1.2 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br></details> |
**jar**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| com.fasterxml.jackson.core:jackson-databind | CVE-2020-36518 | HIGH | 2.12.6 | 2.13.2.1 | <details><summary>Expand...</summary><a href="https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b">https://github.com/FasterXML/jackson-databind/commit/fcfc4998ec23f0b1f7f8a9521c2b317b6c25892b</a><br><a href="https://github.com/FasterXML/jackson-databind/issues/2816">https://github.com/FasterXML/jackson-databind/issues/2816</a><br><a href="https://github.com/advisories/GHSA-57j2-w4cx-62h2">https://github.com/advisories/GHSA-57j2-w4cx-62h2</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-36518">https://nvd.nist.gov/vuln/detail/CVE-2020-36518</a><br></details> |
| com.github.junrar:junrar | CVE-2022-23596 | HIGH | 7.4.0 | 7.4.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-m6cj-93v6-cvr5">https://github.com/advisories/GHSA-m6cj-93v6-cvr5</a><br><a href="https://github.com/junrar/junrar/commit/7b16b3d90b91445fd6af0adfed22c07413d4fab7">https://github.com/junrar/junrar/commit/7b16b3d90b91445fd6af0adfed22c07413d4fab7</a><br><a href="https://github.com/junrar/junrar/issues/73">https://github.com/junrar/junrar/issues/73</a><br><a href="https://github.com/junrar/junrar/security/advisories/GHSA-m6cj-93v6-cvr5">https://github.com/junrar/junrar/security/advisories/GHSA-m6cj-93v6-cvr5</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23596">https://nvd.nist.gov/vuln/detail/CVE-2022-23596</a><br></details> |
| org.apache.activemq:artemis-commons | CVE-2022-23913 | HIGH | 2.17.0 | 2.19.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-pr38-qpxm-g88x">https://github.com/advisories/GHSA-pr38-qpxm-g88x</a><br><a href="https://github.com/apache/activemq-artemis/pull/3862">https://github.com/apache/activemq-artemis/pull/3862</a><br><a href="https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7">https://github.com/apache/activemq-artemis/pull/3862/commits/1f92368240229b8f5db92a92a72c703faf83e9b7</a><br><a href="https://github.com/apache/activemq-artemis/pull/3871">https://github.com/apache/activemq-artemis/pull/3871</a><br><a href="https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82">https://github.com/apache/activemq-artemis/pull/3871/commits/153d2e9a979aead8dff95fbc91d659ecc7d0fb82</a><br><a href="https://issues.apache.org/jira/browse/ARTEMIS-3593">https://issues.apache.org/jira/browse/ARTEMIS-3593</a><br><a href="https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2">https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-23913">https://nvd.nist.gov/vuln/detail/CVE-2022-23913</a><br><a href="https://security.netapp.com/advisory/ntap-20220303-0003/">https://security.netapp.com/advisory/ntap-20220303-0003/</a><br></details> |
| org.apache.activemq:artemis-server | CVE-2020-13947 | MEDIUM | 2.17.0 | | <details><summary>Expand...</summary><a href="http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt">http://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt</a><br><a href="https://github.com/advisories/GHSA-66gw-ch5v-74v8">https://github.com/advisories/GHSA-66gw-ch5v-74v8</a><br><a href="https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E">https://lists.apache.org/thread.html/r021c490028f61c8b6f7e38efb98e61693b0cbb6b99b02238c6fc7d66@%3Ccommits.activemq.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E">https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cdev.activemq.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E">https://lists.apache.org/thread.html/ra66791f1f2b59fa651a81cec5202acdfbf34c2154fc0ff200301cc1c@%3Cusers.activemq.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-13947">https://nvd.nist.gov/vuln/detail/CVE-2020-13947</a><br><a href="https://www.oracle.com/security-alerts/cpuApr2021.html">https://www.oracle.com/security-alerts/cpuApr2021.html</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| org.jgroups:jgroups | CVE-2016-2141 | CRITICAL | 3.6.13.Final | 4.0 | <details><summary>Expand...</summary><a href="http://rhn.redhat.com/errata/RHSA-2016-1435.html">http://rhn.redhat.com/errata/RHSA-2016-1435.html</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-1439.html">http://rhn.redhat.com/errata/RHSA-2016-1439.html</a><br><a href="http://rhn.redhat.com/errata/RHSA-2016-2035.html">http://rhn.redhat.com/errata/RHSA-2016-2035.html</a><br><a href="http://www.securityfocus.com/bid/91481">http://www.securityfocus.com/bid/91481</a><br><a href="http://www.securitytracker.com/id/1036165">http://www.securitytracker.com/id/1036165</a><br><a href="https://access.redhat.com/articles/2360521">https://access.redhat.com/articles/2360521</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1345">https://access.redhat.com/errata/RHSA-2016:1345</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1346">https://access.redhat.com/errata/RHSA-2016:1346</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1347">https://access.redhat.com/errata/RHSA-2016:1347</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1374">https://access.redhat.com/errata/RHSA-2016:1374</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1376">https://access.redhat.com/errata/RHSA-2016:1376</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1389">https://access.redhat.com/errata/RHSA-2016:1389</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1432">https://access.redhat.com/errata/RHSA-2016:1432</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1433">https://access.redhat.com/errata/RHSA-2016:1433</a><br><a href="https://access.redhat.com/errata/RHSA-2016:1434">https://access.redhat.com/errata/RHSA-2016:1434</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1313589">https://bugzilla.redhat.com/show_bug.cgi?id=1313589</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2141">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2141</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2141">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2141</a><br><a href="https://issues.jboss.org/browse/JGRP-2021">https://issues.jboss.org/browse/JGRP-2021</a><br><a href="https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E">https://lists.apache.org/thread.html/ra18cac97416abc2958db0b107877c31da28d884fa6e70fd89c87384a@%3Cdev.geode.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E">https://lists.apache.org/thread.html/rb37cc937d4fc026fb56de4b4ec0d054aa4083c1a4edd0d8360c068a0@%3Cdev.geode.apache.org%3E</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1328.html">https://rhn.redhat.com/errata/RHSA-2016-1328.html</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1329.html">https://rhn.redhat.com/errata/RHSA-2016-1329.html</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1330.html">https://rhn.redhat.com/errata/RHSA-2016-1330.html</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1331.html">https://rhn.redhat.com/errata/RHSA-2016-1331.html</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1332.html">https://rhn.redhat.com/errata/RHSA-2016-1332.html</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1333.html">https://rhn.redhat.com/errata/RHSA-2016-1333.html</a><br><a href="https://rhn.redhat.com/errata/RHSA-2016-1334.html">https://rhn.redhat.com/errata/RHSA-2016-1334.html</a><br><a href="https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html">https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html</a><br></details> |