2021-12-05 00:50:14 +00:00
---
hide:
- toc
---
2021-12-05 23:17:30 +00:00
# Security Overview
2021-12-04 20:11:45 +00:00
2021-12-05 00:50:14 +00:00
< link href = "https://truecharts.org/_static/trivy.css" type = "text/css" rel = "stylesheet" / >
2021-12-04 20:11:45 +00:00
## Helm-Chart
##### Scan Results
2021-12-05 00:50:14 +00:00
#### Chart Object: flood/templates/common.yaml
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
2021-12-04 20:34:35 +00:00
2021-12-05 00:50:14 +00:00
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | < details > < summary > Expand...< / summary > A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.allowPrivilegeEscalation' to false < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv001" > https://avd.aquasec.com/appshield/ksv001< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | < details > < summary > Expand...< / summary > The container should drop all default capabilities and add only those that are needed for its execution. < br > < hr > < br > Container ' RELEASE-NAME-flood' of Deployment ' RELEASE-NAME-flood' should add ' ALL' to ' securityContext.capabilities.drop' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/" > https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv003" > https://avd.aquasec.com/appshield/ksv003< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | < details > < summary > Expand...< / summary > The container should drop all default capabilities and add only those that are needed for its execution. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should add ' ALL' to ' securityContext.capabilities.drop' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/" > https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv003" > https://avd.aquasec.com/appshield/ksv003< / a > < br > < / details > |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | < details > < summary > Expand...< / summary > Enforcing CPU limits prevents DoS via resource exhaustion. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' resources.limits.cpu' < / details > | < details > < summary > Expand...< / summary > < a href = "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits" > https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv011" > https://avd.aquasec.com/appshield/ksv011< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | < details > < summary > Expand...< / summary > ' runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsNonRoot' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv012" > https://avd.aquasec.com/appshield/ksv012< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | < details > < summary > Expand...< / summary > An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.readOnlyRootFilesystem' to true < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/" > https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv014" > https://avd.aquasec.com/appshield/ksv014< / a > < br > < / details > |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | < details > < summary > Expand...< / summary > When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' resources.requests.cpu' < / details > | < details > < summary > Expand...< / summary > < a href = "https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits" > https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv015" > https://avd.aquasec.com/appshield/ksv015< / a > < br > < / details > |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | < details > < summary > Expand...< / summary > When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' resources.requests.memory' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-resources-limits-memory/" > https://kubesec.io/basics/containers-resources-limits-memory/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv016" > https://avd.aquasec.com/appshield/ksv016< / a > < br > < / details > |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | < details > < summary > Expand...< / summary > Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.privileged' to false < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv017" > https://avd.aquasec.com/appshield/ksv017< / a > < br > < / details > |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | < details > < summary > Expand...< / summary > Enforcing memory limits prevents DoS via resource exhaustion. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' resources.limits.memory' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-resources-limits-memory/" > https://kubesec.io/basics/containers-resources-limits-memory/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv018" > https://avd.aquasec.com/appshield/ksv018< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-flood' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with user ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsUser' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv020" > https://avd.aquasec.com/appshield/ksv020< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' RELEASE-NAME-flood' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
2022-03-02 12:51:49 +00:00
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' hostpatch' of Deployment ' RELEASE-NAME-flood' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | < details > < summary > Expand...< / summary > HostPath volumes must be forbidden. < br > < hr > < br > Deployment ' RELEASE-NAME-flood' should not set ' spec.template.volumes.hostPath' < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv023" > https://avd.aquasec.com/appshield/ksv023< / a > < br > < / details > |
2021-12-21 18:46:27 +00:00
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | < details > < summary > Expand...< / summary > Containers should be forbidden from running with a root primary or supplementary GID. < br > < hr > < br > Deployment ' RELEASE-NAME-flood' should set ' spec.securityContext.runAsGroup' , ' spec.securityContext.supplementalGroups[*]' and ' spec.securityContext.fsGroup' to integer greater than 0 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv029" > https://avd.aquasec.com/appshield/ksv029< / a > < br > < / details > |
2021-12-04 20:11:45 +00:00
## Containers
##### Detected Containers
2022-03-26 15:30:42 +00:00
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
2021-12-11 12:19:54 +00:00
tccr.io/truecharts/flood:v4.7.0@sha256:758b454843dcade464111920afce72994ecdbcfac1f4cf167a55936cec2ad616
2021-12-04 20:11:45 +00:00
##### Scan Results
2022-03-26 15:30:42 +00:00
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
2021-12-05 00:50:14 +00:00
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
**alpine**
2021-12-04 20:34:35 +00:00
2022-03-30 20:23:21 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-04-20 21:21:59 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2022/03/25/2" > http://www.openwall.com/lists/oss-security/2022/03/25/2< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/26/1" > http://www.openwall.com/lists/oss-security/2022/03/26/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2018-25032" > https://access.redhat.com/security/cve/CVE-2018-25032< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032< / a > < br > < a href = "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" > https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531< / a > < br > < a href = "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" > https://github.com/madler/zlib/compare/v1.2.11...v1.2.12< / a > < br > < a href = "https://github.com/madler/zlib/issues/605" > https://github.com/madler/zlib/issues/605< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" > https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" > https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5< / a > < br > < a href = "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" > https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" > https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" > https://nvd.nist.gov/vuln/detail/CVE-2018-25032< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-1" > https://ubuntu.com/security/notices/USN-5355-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-2" > https://ubuntu.com/security/notices/USN-5355-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5359-1" > https://ubuntu.com/security/notices/USN-5359-1< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5111" > https://www.debian.org/security/2022/dsa-5111< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/24/1" > https://www.openwall.com/lists/oss-security/2022/03/24/1< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/28/1" > https://www.openwall.com/lists/oss-security/2022/03/28/1< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/28/3" > https://www.openwall.com/lists/oss-security/2022/03/28/3< / a > < br > < / details > |
2022-03-26 15:30:42 +00:00
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
2022-02-06 17:25:51 +00:00
**alpine**
2022-03-30 20:23:21 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-04-20 21:21:59 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2022/03/25/2" > http://www.openwall.com/lists/oss-security/2022/03/25/2< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/26/1" > http://www.openwall.com/lists/oss-security/2022/03/26/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2018-25032" > https://access.redhat.com/security/cve/CVE-2018-25032< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032< / a > < br > < a href = "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" > https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531< / a > < br > < a href = "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" > https://github.com/madler/zlib/compare/v1.2.11...v1.2.12< / a > < br > < a href = "https://github.com/madler/zlib/issues/605" > https://github.com/madler/zlib/issues/605< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" > https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" > https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5< / a > < br > < a href = "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" > https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" > https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" > https://nvd.nist.gov/vuln/detail/CVE-2018-25032< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-1" > https://ubuntu.com/security/notices/USN-5355-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-2" > https://ubuntu.com/security/notices/USN-5355-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5359-1" > https://ubuntu.com/security/notices/USN-5359-1< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5111" > https://www.debian.org/security/2022/dsa-5111< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/24/1" > https://www.openwall.com/lists/oss-security/2022/03/24/1< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/28/1" > https://www.openwall.com/lists/oss-security/2022/03/28/1< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/28/3" > https://www.openwall.com/lists/oss-security/2022/03/28/3< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
2021-12-11 12:19:54 +00:00
#### Container: tccr.io/truecharts/flood:v4.7.0@sha256:758b454843dcade464111920afce72994ecdbcfac1f4cf167a55936cec2ad616 (alpine 3.13.6)
2021-12-05 00:50:14 +00:00
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
**alpine**
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-04-20 21:21:59 +00:00
| busybox | CVE-2022-28391 | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | < details > < summary > Expand...< / summary > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| busybox | CVE-2021-42378 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42378" > https://access.redhat.com/security/cve/CVE-2021-42378< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42378" > https://nvd.nist.gov/vuln/detail/CVE-2021-42378< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42379 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42379" > https://access.redhat.com/security/cve/CVE-2021-42379< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42379" > https://nvd.nist.gov/vuln/detail/CVE-2021-42379< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42380 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42380" > https://access.redhat.com/security/cve/CVE-2021-42380< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42380" > https://nvd.nist.gov/vuln/detail/CVE-2021-42380< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42381 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42381" > https://access.redhat.com/security/cve/CVE-2021-42381< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42381" > https://nvd.nist.gov/vuln/detail/CVE-2021-42381< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42382 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42382" > https://access.redhat.com/security/cve/CVE-2021-42382< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42382" > https://nvd.nist.gov/vuln/detail/CVE-2021-42382< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42383 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42383" > https://access.redhat.com/security/cve/CVE-2021-42383< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
| busybox | CVE-2021-42384 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42384" > https://access.redhat.com/security/cve/CVE-2021-42384< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42384" > https://nvd.nist.gov/vuln/detail/CVE-2021-42384< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42385 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42385" > https://access.redhat.com/security/cve/CVE-2021-42385< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42385" > https://nvd.nist.gov/vuln/detail/CVE-2021-42385< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42386 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42386" > https://access.redhat.com/security/cve/CVE-2021-42386< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42386" > https://nvd.nist.gov/vuln/detail/CVE-2021-42386< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42374 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42374" > https://access.redhat.com/security/cve/CVE-2021-42374< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42374" > https://nvd.nist.gov/vuln/detail/CVE-2021-42374< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| busybox | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42375" > https://access.redhat.com/security/cve/CVE-2021-42375< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
2022-04-26 20:05:48 +00:00
| libcrypto1.1 | CVE-2022-0778 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" > https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2022-0778" > https://access.redhat.com/security/cve/CVE-2022-0778< / a > < br > < a href = "https://crates.io/crates/openssl-src" > https://crates.io/crates/openssl-src< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778< / a > < br > < a href = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65< / a > < br > < a href = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83< / a > < br > < a href = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2022-0778.html" > https://linux.oracle.com/cve/CVE-2022-0778.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-9272.html" > https://linux.oracle.com/errata/ELSA-2022-9272.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" > https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" > https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" > https://nvd.nist.gov/vuln/detail/CVE-2022-0778< / a > < br > < a href = "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" > https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002< / a > < br > < a href = "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" > https://rustsec.org/advisories/RUSTSEC-2022-0014.html< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220321-0002/" > https://security.netapp.com/advisory/ntap-20220321-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5328-1" > https://ubuntu.com/security/notices/USN-5328-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5328-2" > https://ubuntu.com/security/notices/USN-5328-2< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5103" > https://www.debian.org/security/2022/dsa-5103< / a > < br > < a href = "https://www.openssl.org/news/secadv/20220315.txt" > https://www.openssl.org/news/secadv/20220315.txt< / a > < br > < a href = "https://www.oracle.com/security-alerts/cpuapr2022.html" > https://www.oracle.com/security-alerts/cpuapr2022.html< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-06" > https://www.tenable.com/security/tns-2022-06< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-07" > https://www.tenable.com/security/tns-2022-07< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-08" > https://www.tenable.com/security/tns-2022-08< / a > < br > < a href = "https://www.tenable.co
| libssl1.1 | CVE-2022-0778 | HIGH | 1.1.1l-r0 | 1.1.1n-r0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json" > https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0778.json< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2022-0778" > https://access.redhat.com/security/cve/CVE-2022-0778< / a > < br > < a href = "https://crates.io/crates/openssl-src" > https://crates.io/crates/openssl-src< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778< / a > < br > < a href = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65" > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65< / a > < br > < a href = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83" > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=380085481c64de749a6dd25cdf0bcf4360b30f83< / a > < br > < a href = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246" > https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a466912611aa6cbdf550cd10601390e587451246< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2022-0778.html" > https://linux.oracle.com/cve/CVE-2022-0778.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-9272.html" > https://linux.oracle.com/errata/ELSA-2022-9272.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html" > https://lists.debian.org/debian-lts-announce/2022/03/msg00023.html< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html" > https://lists.debian.org/debian-lts-announce/2022/03/msg00024.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/323SNN6ZX7PRJJWP2BUAFLPUAE42XWLZ/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GDB3GQVJPXJE7X5C5JN6JAA4XUDWD6E6/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6K3PR542DXWLEFFMFIDMME4CWMHJRMG/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-0778" > https://nvd.nist.gov/vuln/detail/CVE-2022-0778< / a > < br > < a href = "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002" > https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0002< / a > < br > < a href = "https://rustsec.org/advisories/RUSTSEC-2022-0014.html" > https://rustsec.org/advisories/RUSTSEC-2022-0014.html< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220321-0002/" > https://security.netapp.com/advisory/ntap-20220321-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5328-1" > https://ubuntu.com/security/notices/USN-5328-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5328-2" > https://ubuntu.com/security/notices/USN-5328-2< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5103" > https://www.debian.org/security/2022/dsa-5103< / a > < br > < a href = "https://www.openssl.org/news/secadv/20220315.txt" > https://www.openssl.org/news/secadv/20220315.txt< / a > < br > < a href = "https://www.oracle.com/security-alerts/cpuapr2022.html" > https://www.oracle.com/security-alerts/cpuapr2022.html< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-06" > https://www.tenable.com/security/tns-2022-06< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-07" > https://www.tenable.com/security/tns-2022-07< / a > < br > < a href = "https://www.tenable.com/security/tns-2022-08" > https://www.tenable.com/security/tns-2022-08< / a > < br > < a href = "https://www.tenable.com/s
2022-04-20 21:21:59 +00:00
| ssl_client | CVE-2022-28391 | CRITICAL | 1.32.1-r6 | 1.32.1-r8 | < details > < summary > Expand...< / summary > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| ssl_client | CVE-2021-42378 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42378" > https://access.redhat.com/security/cve/CVE-2021-42378< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42378" > https://nvd.nist.gov/vuln/detail/CVE-2021-42378< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42379 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42379" > https://access.redhat.com/security/cve/CVE-2021-42379< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42379" > https://nvd.nist.gov/vuln/detail/CVE-2021-42379< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42380 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42380" > https://access.redhat.com/security/cve/CVE-2021-42380< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42380" > https://nvd.nist.gov/vuln/detail/CVE-2021-42380< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42381 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42381" > https://access.redhat.com/security/cve/CVE-2021-42381< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42381" > https://nvd.nist.gov/vuln/detail/CVE-2021-42381< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42382 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42382" > https://access.redhat.com/security/cve/CVE-2021-42382< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42382" > https://nvd.nist.gov/vuln/detail/CVE-2021-42382< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42383 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42383" > https://access.redhat.com/security/cve/CVE-2021-42383< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
| ssl_client | CVE-2021-42384 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42384" > https://access.redhat.com/security/cve/CVE-2021-42384< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42384" > https://nvd.nist.gov/vuln/detail/CVE-2021-42384< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42385 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42385" > https://access.redhat.com/security/cve/CVE-2021-42385< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42385" > https://nvd.nist.gov/vuln/detail/CVE-2021-42385< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42386 | HIGH | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42386" > https://access.redhat.com/security/cve/CVE-2021-42386< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42386" > https://nvd.nist.gov/vuln/detail/CVE-2021-42386< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42374 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42374" > https://access.redhat.com/security/cve/CVE-2021-42374< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-42374" > https://nvd.nist.gov/vuln/detail/CVE-2021-42374< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5179-1" > https://ubuntu.com/security/notices/USN-5179-1< / a > < br > < / details > |
| ssl_client | CVE-2021-42375 | MEDIUM | 1.32.1-r6 | 1.32.1-r7 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-42375" > https://access.redhat.com/security/cve/CVE-2021-42375< / a > < br > < a href = "https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/" > https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20211223-0002/" > https://security.netapp.com/advisory/ntap-20211223-0002/< / a > < br > < / details > |
2022-04-20 21:21:59 +00:00
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | < details > < summary > Expand...< / summary > < a href = "http://www.openwall.com/lists/oss-security/2022/03/25/2" > http://www.openwall.com/lists/oss-security/2022/03/25/2< / a > < br > < a href = "http://www.openwall.com/lists/oss-security/2022/03/26/1" > http://www.openwall.com/lists/oss-security/2022/03/26/1< / a > < br > < a href = "https://access.redhat.com/security/cve/CVE-2018-25032" > https://access.redhat.com/security/cve/CVE-2018-25032< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032< / a > < br > < a href = "https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531" > https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531< / a > < br > < a href = "https://github.com/madler/zlib/compare/v1.2.11...v1.2.12" > https://github.com/madler/zlib/compare/v1.2.11...v1.2.12< / a > < br > < a href = "https://github.com/madler/zlib/issues/605" > https://github.com/madler/zlib/issues/605< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4" > https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4< / a > < br > < a href = "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5" > https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5< / a > < br > < a href = "https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ" > https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html" > https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html< / a > < br > < a href = "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/" > https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2018-25032" > https://nvd.nist.gov/vuln/detail/CVE-2018-25032< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-1" > https://ubuntu.com/security/notices/USN-5355-1< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5355-2" > https://ubuntu.com/security/notices/USN-5355-2< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5359-1" > https://ubuntu.com/security/notices/USN-5359-1< / a > < br > < a href = "https://www.debian.org/security/2022/dsa-5111" > https://www.debian.org/security/2022/dsa-5111< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/24/1" > https://www.openwall.com/lists/oss-security/2022/03/24/1< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/28/1" > https://www.openwall.com/lists/oss-security/2022/03/28/1< / a > < br > < a href = "https://www.openwall.com/lists/oss-security/2022/03/28/3" > https://www.openwall.com/lists/oss-security/2022/03/28/3< / a > < br > < / details > |
2021-12-05 00:50:14 +00:00
2021-12-04 20:11:45 +00:00
**node-pkg**
2021-12-04 20:34:35 +00:00
2021-12-04 20:11:45 +00:00
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
2022-04-20 21:21:59 +00:00
| ansi-regex | CVE-2021-3807 | MEDIUM | 3.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-3807" > https://access.redhat.com/security/cve/CVE-2021-3807< / a > < br > < a href = "https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908" > https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908< / a > < br > < a href = "https://github.com/advisories/GHSA-93q8-gq69-wqmw" > https://github.com/advisories/GHSA-93q8-gq69-wqmw< / a > < br > < a href = "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" > https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9< / a > < br > < a href = "https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311" > https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311< / a > < br > < a href = "https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774" > https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774< / a > < br > < a href = "https://github.com/chalk/ansi-regex/releases/tag/v6.0.1" > https://github.com/chalk/ansi-regex/releases/tag/v6.0.1< / a > < br > < a href = "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994" > https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2021-3807.html" > https://linux.oracle.com/cve/CVE-2021-3807.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-0350.html" > https://linux.oracle.com/errata/ELSA-2022-0350.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-3807" > https://nvd.nist.gov/vuln/detail/CVE-2021-3807< / a > < br > < a href = "https://www.oracle.com/security-alerts/cpuapr2022.html" > https://www.oracle.com/security-alerts/cpuapr2022.html< / a > < br > < / details > |
| ansi-regex | CVE-2021-3807 | MEDIUM | 5.0.0 | 3.0.1, 4.1.1, 5.0.1, 6.0.1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-3807" > https://access.redhat.com/security/cve/CVE-2021-3807< / a > < br > < a href = "https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908" > https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908< / a > < br > < a href = "https://github.com/advisories/GHSA-93q8-gq69-wqmw" > https://github.com/advisories/GHSA-93q8-gq69-wqmw< / a > < br > < a href = "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9" > https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9< / a > < br > < a href = "https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311" > https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311< / a > < br > < a href = "https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774" > https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774< / a > < br > < a href = "https://github.com/chalk/ansi-regex/releases/tag/v6.0.1" > https://github.com/chalk/ansi-regex/releases/tag/v6.0.1< / a > < br > < a href = "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994" > https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2021-3807.html" > https://linux.oracle.com/cve/CVE-2021-3807.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-0350.html" > https://linux.oracle.com/errata/ELSA-2022-0350.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-3807" > https://nvd.nist.gov/vuln/detail/CVE-2021-3807< / a > < br > < a href = "https://www.oracle.com/security-alerts/cpuapr2022.html" > https://www.oracle.com/security-alerts/cpuapr2022.html< / a > < br > < / details > |
| async | CVE-2021-43138 | HIGH | 2.6.3 | 2.6.4, 3.2.2 | < details > < summary > Expand...< / summary > < a href = "https://github.com/advisories/GHSA-fwr7-v2mv-hh25" > https://github.com/advisories/GHSA-fwr7-v2mv-hh25< / a > < br > < a href = "https://github.com/caolan/async/blob/master/lib/internal/iterator.js" > https://github.com/caolan/async/blob/master/lib/internal/iterator.js< / a > < br > < a href = "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js" > https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js< / a > < br > < a href = "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264" > https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264< / a > < br > < a href = "https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2" > https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2< / a > < br > < a href = "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d" > https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d< / a > < br > < a href = "https://github.com/caolan/async/pull/1828" > https://github.com/caolan/async/pull/1828< / a > < br > < a href = "https://jsfiddle.net/oz5twjd9/" > https://jsfiddle.net/oz5twjd9/< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43138" > https://nvd.nist.gov/vuln/detail/CVE-2021-43138< / a > < br > < / details > |
2022-03-30 20:23:21 +00:00
| json-schema | CVE-2021-3918 | MEDIUM | 0.2.3 | 0.4.0 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-3918" > https://access.redhat.com/security/cve/CVE-2021-3918< / a > < br > < a href = "https://github.com/advisories/GHSA-896r-f27r-55mw" > https://github.com/advisories/GHSA-896r-f27r-55mw< / a > < br > < a href = "https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741" > https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741< / a > < br > < a href = "https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a" > https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a< / a > < br > < a href = "https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa" > https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa< / a > < br > < a href = "https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9" > https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9< / a > < br > < a href = "https://linux.oracle.com/cve/CVE-2021-3918.html" > https://linux.oracle.com/cve/CVE-2021-3918.html< / a > < br > < a href = "https://linux.oracle.com/errata/ELSA-2022-0350.html" > https://linux.oracle.com/errata/ELSA-2022-0350.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-3918" > https://nvd.nist.gov/vuln/detail/CVE-2021-3918< / a > < br > < / details > |