TrueChartsClone/charts/stable/openvscode-server/security.md

164 lines
119 KiB
Markdown
Raw Normal View History

---
hide:
- toc
---
# Security Overview
<link href="https://truecharts.org/_static/trivy.css" type="text/css" rel="stylesheet" />
## Helm-Chart
##### Scan Results
#### Chart Object: openvscode-server/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-openvscode-server&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;resources.limits.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-openvscode-server&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-openvscode-server&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;resources.requests.cpu&#39; </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
| Kubernetes Security Check | KSV016 | Memory requests not specified | LOW | <details><summary>Expand...</summary> When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;resources.requests.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv016">https://avd.aquasec.com/appshield/ksv016</a><br></details> |
| Kubernetes Security Check | KSV017 | Privileged container | HIGH | <details><summary>Expand...</summary> Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.privileged&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv017">https://avd.aquasec.com/appshield/ksv017</a><br></details> |
| Kubernetes Security Check | KSV018 | Memory not limited | LOW | <details><summary>Expand...</summary> Enforcing memory limits prevents DoS via resource exhaustion. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;resources.limits.memory&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-resources-limits-memory/">https://kubesec.io/basics/containers-resources-limits-memory/</a><br><a href="https://avd.aquasec.com/appshield/ksv018">https://avd.aquasec.com/appshield/ksv018</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-openvscode-server&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-openvscode-server&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;hostpatch&#39; of Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM | <details><summary>Expand...</summary> HostPath volumes must be forbidden. <br> <hr> <br> Deployment &#39;RELEASE-NAME-openvscode-server&#39; should not set &#39;spec.template.volumes.hostPath&#39; </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline">https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline</a><br><a href="https://avd.aquasec.com/appshield/ksv023">https://avd.aquasec.com/appshield/ksv023</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-openvscode-server&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
##### Detected Containers
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
tccr.io/truecharts/openvscode-server:v1.66.1
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | <details><summary>Expand...</summary><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch</a><br><a href="https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch">https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch</a><br><a href="https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661">https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-28391">https://nvd.nist.gov/vuln/detail/CVE-2022-28391</a><br></details> |
| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
#### Container: tccr.io/truecharts/openvscode-server:v1.66.1 (ubuntu 20.04)
**ubuntu**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| bash | CVE-2019-18276 | LOW | 5.0-6ubuntu1.1 | 5.0-6ubuntu1.2 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html">http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-18276">https://access.redhat.com/security/cve/CVE-2019-18276</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276</a><br><a href="https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff">https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff</a><br><a href="https://linux.oracle.com/cve/CVE-2019-18276.html">https://linux.oracle.com/cve/CVE-2019-18276.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-1679.html">https://linux.oracle.com/errata/ELSA-2021-1679.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-18276">https://nvd.nist.gov/vuln/detail/CVE-2019-18276</a><br><a href="https://security.gentoo.org/glsa/202105-34">https://security.gentoo.org/glsa/202105-34</a><br><a href="https://security.netapp.com/advisory/ntap-20200430-0003/">https://security.netapp.com/advisory/ntap-20200430-0003/</a><br><a href="https://ubuntu.com/security/notices/USN-5380-1">https://ubuntu.com/security/notices/USN-5380-1</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br><a href="https://www.youtube.com/watch?v=-wGtxJ8opa8">https://www.youtube.com/watch?v=-wGtxJ8opa8</a><br></details> |
| coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | | <details><summary>Expand...</summary><a href="http://seclists.org/oss-sec/2016/q1/452">http://seclists.org/oss-sec/2016/q1/452</a><br><a href="http://www.openwall.com/lists/oss-security/2016/02/28/2">http://www.openwall.com/lists/oss-security/2016/02/28/2</a><br><a href="http://www.openwall.com/lists/oss-security/2016/02/28/3">http://www.openwall.com/lists/oss-security/2016/02/28/3</a><br><a href="https://access.redhat.com/security/cve/CVE-2016-2781">https://access.redhat.com/security/cve/CVE-2016-2781</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://lore.kernel.org/patchwork/patch/793178/">https://lore.kernel.org/patchwork/patch/793178/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-2781">https://nvd.nist.gov/vuln/detail/CVE-2016-2781</a><br></details> |
| git | CVE-2018-1000021 | LOW | 1:2.25.1-1ubuntu3.3 | | <details><summary>Expand...</summary><a href="http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html">http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-1000021">https://access.redhat.com/security/cve/CVE-2018-1000021</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021</a><br></details> |
| git-man | CVE-2018-1000021 | LOW | 1:2.25.1-1ubuntu3.3 | | <details><summary>Expand...</summary><a href="http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html">http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-1000021">https://access.redhat.com/security/cve/CVE-2018-1000021</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021</a><br></details> |
| gzip | CVE-2022-1271 | MEDIUM | 1.10-0ubuntu4 | 1.10-0ubuntu4.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1271">https://access.redhat.com/security/cve/CVE-2022-1271</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271</a><br><a href="https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html">https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html</a><br><a href="https://ubuntu.com/security/notices/USN-5378-1">https://ubuntu.com/security/notices/USN-5378-1</a><br><a href="https://ubuntu.com/security/notices/USN-5378-2">https://ubuntu.com/security/notices/USN-5378-2</a><br><a href="https://ubuntu.com/security/notices/USN-5378-3">https://ubuntu.com/security/notices/USN-5378-3</a><br><a href="https://ubuntu.com/security/notices/USN-5378-4">https://ubuntu.com/security/notices/USN-5378-4</a><br><a href="https://www.openwall.com/lists/oss-security/2022/04/07/8">https://www.openwall.com/lists/oss-security/2022/04/07/8</a><br></details> |
| krb5-locales | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36222">https://access.redhat.com/security/cve/CVE-2021-36222</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">https://nvd.nist.gov/vuln/detail/CVE-2021-36222</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| krb5-locales | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-5709">https://access.redhat.com/security/cve/CVE-2018-5709</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libasn1-8-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libgmp10 | CVE-2021-43618 | LOW | 2:6.2.0+dfsg-4 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-43618">https://access.redhat.com/security/cve/CVE-2021-43618</a><br><a href="https://bugs.debian.org/994405">https://bugs.debian.org/994405</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618</a><br><a href="https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html">https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html</a><br><a href="https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e">https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e</a><br><a href="https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html">https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43618">https://nvd.nist.gov/vuln/detail/CVE-2021-43618</a><br></details> |
| libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36222">https://access.redhat.com/security/cve/CVE-2021-36222</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">https://nvd.nist.gov/vuln/detail/CVE-2021-36222</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-5709">https://access.redhat.com/security/cve/CVE-2018-5709</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libgssapi3-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libhcrypto4-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libheimbase1-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libheimntlm0-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libhx509-5-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36222">https://access.redhat.com/security/cve/CVE-2021-36222</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">https://nvd.nist.gov/vuln/detail/CVE-2021-36222</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libk5crypto3 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-5709">https://access.redhat.com/security/cve/CVE-2018-5709</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libkrb5-26-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36222">https://access.redhat.com/security/cve/CVE-2021-36222</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">https://nvd.nist.gov/vuln/detail/CVE-2021-36222</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libkrb5-3 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-5709">https://access.redhat.com/security/cve/CVE-2018-5709</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libkrb5support0 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36222">https://access.redhat.com/security/cve/CVE-2021-36222</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222</a><br><a href="https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562">https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562</a><br><a href="https://github.com/krb5/krb5/releases">https://github.com/krb5/krb5/releases</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36222.html">https://linux.oracle.com/cve/CVE-2021-36222.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-3576.html">https://linux.oracle.com/errata/ELSA-2021-3576.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36222">https://nvd.nist.gov/vuln/detail/CVE-2021-36222</a><br><a href="https://security.netapp.com/advisory/ntap-20211022-0003/">https://security.netapp.com/advisory/ntap-20211022-0003/</a><br><a href="https://security.netapp.com/advisory/ntap-20211104-0007/">https://security.netapp.com/advisory/ntap-20211104-0007/</a><br><a href="https://web.mit.edu/kerberos/advisories/">https://web.mit.edu/kerberos/advisories/</a><br><a href="https://www.debian.org/security/2021/dsa-4944">https://www.debian.org/security/2021/dsa-4944</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| libkrb5support0 | CVE-2018-5709 | LOW | 1.17-6ubuntu4.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2018-5709">https://access.redhat.com/security/cve/CVE-2018-5709</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709</a><br><a href="https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow">https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| liblzma5 | CVE-2022-1271 | MEDIUM | 5.2.4-1ubuntu1 | 5.2.4-1ubuntu1.1 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2022-1271">https://access.redhat.com/security/cve/CVE-2022-1271</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271</a><br><a href="https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html">https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html</a><br><a href="https://ubuntu.com/security/notices/USN-5378-1">https://ubuntu.com/security/notices/USN-5378-1</a><br><a href="https://ubuntu.com/security/notices/USN-5378-2">https://ubuntu.com/security/notices/USN-5378-2</a><br><a href="https://ubuntu.com/security/notices/USN-5378-3">https://ubuntu.com/security/notices/USN-5378-3</a><br><a href="https://ubuntu.com/security/notices/USN-5378-4">https://ubuntu.com/security/notices/USN-5378-4</a><br><a href="https://www.openwall.com/lists/oss-security/2022/04/07/8">https://www.openwall.com/lists/oss-security/2022/04/07/8</a><br></details> |
| libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12build1 | | <details><summary>Expand...</summary><a href="http://openwall.com/lists/oss-security/2017/07/11/3">http://openwall.com/lists/oss-security/2017/07/11/3</a><br><a href="http://www.securityfocus.com/bid/99575">http://www.securityfocus.com/bid/99575</a><br><a href="https://access.redhat.com/security/cve/CVE-2017-11164">https://access.redhat.com/security/cve/CVE-2017-11164</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br></details> |
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12build1 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-20838">https://access.redhat.com/security/cve/CVE-2019-20838</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20838">https://nvd.nist.gov/vuln/detail/CVE-2019-20838</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
| libpcre3 | CVE-2020-14155 | LOW | 2:8.39-12build1 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/">https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-14155">https://access.redhat.com/security/cve/CVE-2020-14155</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155</a><br><a href="https://linux.oracle.com/cve/CVE-2020-14155.html">https://linux.oracle.com/cve/CVE-2020-14155.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14155">https://nvd.nist.gov/vuln/detail/CVE-2020-14155</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
| libperl5.30 | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-16156">https://access.redhat.com/security/cve/CVE-2020-16156</a><br><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156</a><br><a href="https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c">https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/</a><br><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">https://metacpan.org/pod/distribution/CPAN/scripts/cpan</a><br></details> |
| libroken18-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| libsepol1 | CVE-2021-36084 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36084">https://access.redhat.com/security/cve/CVE-2021-36084</a><br><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36085 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36085">https://access.redhat.com/security/cve/CVE-2021-36085</a><br><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36086 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36086">https://access.redhat.com/security/cve/CVE-2021-36086</a><br><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086</a><br><a href="https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8">https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36086.html">https://linux.oracle.com/cve/CVE-2021-36086.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
| libsepol1 | CVE-2021-36087 | LOW | 3.0-1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-36087">https://access.redhat.com/security/cve/CVE-2021-36087</a><br><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087</a><br><a href="https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521">https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36087.html">https://linux.oracle.com/cve/CVE-2021-36087.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br><a href="https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/">https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/</a><br></details> |
| libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/HT211168">https://support.apple.com/HT211168</a><br><a href="https://support.apple.com/HT211170">https://support.apple.com/HT211170</a><br><a href="https://support.apple.com/HT211171">https://support.apple.com/HT211171</a><br><a href="https://support.apple.com/HT211175">https://support.apple.com/HT211175</a><br><a href="https://support.apple.com/HT211178">https://support.apple.com/HT211178</a><br><a href="https://support.apple.com/HT211179">https://support.apple.com/HT211179</a><br><a href="https://support.apple.com/HT211181">https://support.apple.com/HT211181</a><br><a href="https://vuldb.com/?id.155768">https://vuldb.com/?id.155768</a><br></details> |
| libsqlite3-0 | CVE-2020-9849 | LOW | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/en-us/HT211843">https://support.apple.com/en-us/HT211843</a><br><a href="https://support.apple.com/en-us/HT211844">https://support.apple.com/en-us/HT211844</a><br><a href="https://support.apple.com/en-us/HT211850">https://support.apple.com/en-us/HT211850</a><br><a href="https://support.apple.com/en-us/HT211931">https://support.apple.com/en-us/HT211931</a><br><a href="https://support.apple.com/en-us/HT211935">https://support.apple.com/en-us/HT211935</a><br><a href="https://support.apple.com/en-us/HT211952">https://support.apple.com/en-us/HT211952</a><br><a href="https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/">https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/</a><br></details> |
| libsqlite3-0 | CVE-2020-9991 | LOW | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/en-us/HT211843">https://support.apple.com/en-us/HT211843</a><br><a href="https://support.apple.com/en-us/HT211844">https://support.apple.com/en-us/HT211844</a><br><a href="https://support.apple.com/en-us/HT211847">https://support.apple.com/en-us/HT211847</a><br><a href="https://support.apple.com/en-us/HT211850">https://support.apple.com/en-us/HT211850</a><br><a href="https://support.apple.com/en-us/HT211931">https://support.apple.com/en-us/HT211931</a><br><a href="https://support.apple.com/kb/HT211846">https://support.apple.com/kb/HT211846</a><br><a href="https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/">https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/</a><br></details> |
| libsqlite3-0 | CVE-2021-36690 | LOW | 3.31.1-4ubuntu0.2 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36690">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36690</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-36690">https://nvd.nist.gov/vuln/detail/CVE-2021-36690</a><br><a href="https://www.oracle.com/security-alerts/cpujan2022.html">https://www.oracle.com/security-alerts/cpujan2022.html</a><br><a href="https://www.sqlite.org/forum/forumpost/718c0a8d17">https://www.sqlite.org/forum/forumpost/718c0a8d17</a><br></details> |
| libwind0-heimdal | CVE-2021-3671 | LOW | 7.7.0+dfsg-1ubuntu1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-3671">https://access.redhat.com/security/cve/CVE-2021-3671</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2013080,">https://bugzilla.redhat.com/show_bug.cgi?id=2013080,</a><br><a href="https://bugzilla.samba.org/show_bug.cgi?id=14770,">https://bugzilla.samba.org/show_bug.cgi?id=14770,</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671</a><br><a href="https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a">https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-3671">https://nvd.nist.gov/vuln/detail/CVE-2021-3671</a><br><a href="https://ubuntu.com/security/notices/USN-5142-1">https://ubuntu.com/security/notices/USN-5142-1</a><br><a href="https://ubuntu.com/security/notices/USN-5174-1">https://ubuntu.com/security/notices/USN-5174-1</a><br></details> |
| login | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2013-4235">https://access.redhat.com/security/cve/CVE-2013-4235</a><br><a href="https://access.redhat.com/security/cve/cve-2013-4235">https://access.redhat.com/security/cve/cve-2013-4235</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">https://security-tracker.debian.org/tracker/CVE-2013-4235</a><br></details> |
| openssh-client | CVE-2020-14145 | LOW | 1:8.2p1-4ubuntu0.4 | | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2020/12/02/1">http://www.openwall.com/lists/oss-security/2020/12/02/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-14145">https://access.redhat.com/security/cve/CVE-2020-14145</a><br><a href="https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d">https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145</a><br><a href="https://docs.ssh-mitm.at/CVE-2020-14145.html">https://docs.ssh-mitm.at/CVE-2020-14145.html</a><br><a href="https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1">https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1</a><br><a href="https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py">https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py</a><br><a href="https://linux.oracle.com/cve/CVE-2020-14145.html">https://linux.oracle.com/cve/CVE-2020-14145.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4368.html">https://linux.oracle.com/errata/ELSA-2021-4368.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-14145">https://nvd.nist.gov/vuln/detail/CVE-2020-14145</a><br><a href="https://security.gentoo.org/glsa/202105-35">https://security.gentoo.org/glsa/202105-35</a><br><a href="https://security.netapp.com/advisory/ntap-20200709-0004/">https://security.netapp.com/advisory/ntap-20200709-0004/</a><br><a href="https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/">https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/</a><br><a href="https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf">https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf</a><br></details> |
| openssh-client | CVE-2021-41617 | LOW | 1:8.2p1-4ubuntu0.4 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-41617">https://access.redhat.com/security/cve/CVE-2021-41617</a><br><a href="https://bugzilla.suse.com/show_bug.cgi?id=1190975">https://bugzilla.suse.com/show_bug.cgi?id=1190975</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617</a><br><a href="https://linux.oracle.com/cve/CVE-2021-41617.html">https://linux.oracle.com/cve/CVE-2021-41617.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-9575.html">https://linux.oracle.com/errata/ELSA-2021-9575.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-41617">https://nvd.nist.gov/vuln/detail/CVE-2021-41617</a><br><a href="https://security.netapp.com/advisory/ntap-20211014-0004/">https://security.netapp.com/advisory/ntap-20211014-0004/</a><br><a href="https://www.openssh.com/security.html">https://www.openssh.com/security.html</a><br><a href="https://www.openssh.com/txt/release-8.8">https://www.openssh.com/txt/release-8.8</a><br><a href="https://www.openwall.com/lists/oss-security/2021/09/26/1">https://www.openwall.com/lists/oss-security/2021/09/26/1</a><br><a href="https://www.oracle.com/security-alerts/cpuapr2022.html">https://www.oracle.com/security-alerts/cpuapr2022.html</a><br></details> |
| passwd | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04.1 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2013-4235">https://access.redhat.com/security/cve/CVE-2013-4235</a><br><a href="https://access.redhat.com/security/cve/cve-2013-4235">https://access.redhat.com/security/cve/cve-2013-4235</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://security-tracker.debian.org/tracker/CVE-2013-4235">https://security-tracker.debian.org/tracker/CVE-2013-4235</a><br></details> |
| patch | CVE-2018-6952 | LOW | 2.7.6-6 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/103047">http://www.securityfocus.com/bid/103047</a><br><a href="https://access.redhat.com/errata/RHSA-2019:2033">https://access.redhat.com/errata/RHSA-2019:2033</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-6952">https://access.redhat.com/security/cve/CVE-2018-6952</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952</a><br><a href="https://linux.oracle.com/cve/CVE-2018-6952.html">https://linux.oracle.com/cve/CVE-2018-6952.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-2033.html">https://linux.oracle.com/errata/ELSA-2019-2033.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-6952">https://nvd.nist.gov/vuln/detail/CVE-2018-6952</a><br><a href="https://savannah.gnu.org/bugs/index.php?53133">https://savannah.gnu.org/bugs/index.php?53133</a><br><a href="https://security.gentoo.org/glsa/201904-17">https://security.gentoo.org/glsa/201904-17</a><br></details> |
| patch | CVE-2021-45261 | LOW | 2.7.6-6 | | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-45261">https://access.redhat.com/security/cve/CVE-2021-45261</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45261">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45261</a><br><a href="https://savannah.gnu.org/bugs/?61685">https://savannah.gnu.org/bugs/?61685</a><br></details> |
| perl | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-16156">https://access.redhat.com/security/cve/CVE-2020-16156</a><br><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156</a><br><a href="https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c">https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/</a><br><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">https://metacpan.org/pod/distribution/CPAN/scripts/cpan</a><br></details> |
| perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-16156">https://access.redhat.com/security/cve/CVE-2020-16156</a><br><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156</a><br><a href="https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c">https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/</a><br><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">https://metacpan.org/pod/distribution/CPAN/scripts/cpan</a><br></details> |
| perl-modules-5.30 | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | | <details><summary>Expand...</summary><a href="http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html">http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-16156">https://access.redhat.com/security/cve/CVE-2020-16156</a><br><a href="https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/">https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156</a><br><a href="https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c">https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/</a><br><a href="https://metacpan.org/pod/distribution/CPAN/scripts/cpan">https://metacpan.org/pod/distribution/CPAN/scripts/cpan</a><br></details> |
| zlib1g | CVE-2018-25032 | MEDIUM | 1:1.2.11.dfsg-2ubuntu1.2 | 1:1.2.11.dfsg-2ubuntu1.3 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2022/03/25/2">http://www.openwall.com/lists/oss-security/2022/03/25/2</a><br><a href="http://www.openwall.com/lists/oss-security/2022/03/26/1">http://www.openwall.com/lists/oss-security/2022/03/26/1</a><br><a href="https://access.redhat.com/security/cve/CVE-2018-25032">https://access.redhat.com/security/cve/CVE-2018-25032</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032</a><br><a href="https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531">https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531</a><br><a href="https://github.com/madler/zlib/compare/v1.2.11...v1.2.12">https://github.com/madler/zlib/compare/v1.2.11...v1.2.12</a><br><a href="https://github.com/madler/zlib/issues/605">https://github.com/madler/zlib/issues/605</a><br><a href="https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4">https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4</a><br><a href="https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5">https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5</a><br><a href="https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ">https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ</a><br><a href="https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html">https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-25032">https://nvd.nist.gov/vuln/detail/CVE-2018-25032</a><br><a href="https://ubuntu.com/security/notices/USN-5355-1">https://ubuntu.com/security/notices/USN-5355-1</a><br><a href="https://ubuntu.com/security/notices/USN-5355-2">https://ubuntu.com/security/notices/USN-5355-2</a><br><a href="https://ubuntu.com/security/notices/USN-5359-1">https://ubuntu.com/security/notices/USN-5359-1</a><br><a href="https://www.debian.org/security/2022/dsa-5111">https://www.debian.org/security/2022/dsa-5111</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/24/1">https://www.openwall.com/lists/oss-security/2022/03/24/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/1">https://www.openwall.com/lists/oss-security/2022/03/28/1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/03/28/3">https://www.openwall.com/lists/oss-security/2022/03/28/3</a><br></details> |
**node-pkg**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| diff | GHSA-h6ch-v84p-w6p9 | HIGH | 1.0.0 | 3.5.0 | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1552148">https://bugzilla.redhat.com/show_bug.cgi?id=1552148</a><br><a href="https://github.com/advisories/GHSA-h6ch-v84p-w6p9">https://github.com/advisories/GHSA-h6ch-v84p-w6p9</a><br><a href="https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0">https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0</a><br><a href="https://snyk.io/vuln/npm:diff:20180305">https://snyk.io/vuln/npm:diff:20180305</a><br><a href="https://www.npmjs.com/advisories/1631">https://www.npmjs.com/advisories/1631</a><br><a href="https://www.whitesourcesoftware.com/vulnerability-database/WS-2018-0590">https://www.whitesourcesoftware.com/vulnerability-database/WS-2018-0590</a><br></details> |
| grunt | CVE-2020-7729 | HIGH | 1.0.0 | 1.3.0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7729">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7729</a><br><a href="https://github.com/advisories/GHSA-m5pj-vjjf-4m3h">https://github.com/advisories/GHSA-m5pj-vjjf-4m3h</a><br><a href="https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249">https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249</a><br><a href="https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7">https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html">https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7729">https://nvd.nist.gov/vuln/detail/CVE-2020-7729</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922</a><br><a href="https://snyk.io/vuln/SNYK-JS-GRUNT-597546">https://snyk.io/vuln/SNYK-JS-GRUNT-597546</a><br><a href="https://ubuntu.com/security/notices/USN-4595-1">https://ubuntu.com/security/notices/USN-4595-1</a><br><a href="https://usn.ubuntu.com/4595-1/">https://usn.ubuntu.com/4595-1/</a><br></details> |
| handlebars | CVE-2019-19919 | CRITICAL | 1.0.0 | 4.3.0 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-19919">https://access.redhat.com/security/cve/CVE-2019-19919</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919</a><br><a href="https://github.com/advisories/GHSA-w457-6q6x-cgp9">https://github.com/advisories/GHSA-w457-6q6x-cgp9</a><br><a href="https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc">https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc</a><br><a href="https://github.com/wycats/handlebars.js/issues/1558">https://github.com/wycats/handlebars.js/issues/1558</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-19919">https://nvd.nist.gov/vuln/detail/CVE-2019-19919</a><br><a href="https://www.npmjs.com/advisories/1164">https://www.npmjs.com/advisories/1164</a><br></details> |
| handlebars | CVE-2021-23369 | CRITICAL | 1.0.0 | 4.7.7 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-23369">https://access.redhat.com/security/cve/CVE-2021-23369</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369</a><br><a href="https://github.com/advisories/GHSA-f2jv-r9rf-7988">https://github.com/advisories/GHSA-f2jv-r9rf-7988</a><br><a href="https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8">https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8</a><br><a href="https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427">https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23369">https://nvd.nist.gov/vuln/detail/CVE-2021-23369</a><br><a href="https://security.netapp.com/advisory/ntap-20210604-0008/">https://security.netapp.com/advisory/ntap-20210604-0008/</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952</a><br><a href="https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767">https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767</a><br></details> |
| handlebars | CVE-2021-23383 | CRITICAL | 1.0.0 | 4.7.7 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2021-23383">https://access.redhat.com/security/cve/CVE-2021-23383</a><br><a href="https://github.com/advisories/GHSA-765h-qjxv-5f44">https://github.com/advisories/GHSA-765h-qjxv-5f44</a><br><a href="https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427">https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23383">https://nvd.nist.gov/vuln/detail/CVE-2021-23383</a><br><a href="https://security.netapp.com/advisory/ntap-20210618-0007/">https://security.netapp.com/advisory/ntap-20210618-0007/</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032</a><br><a href="https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030">https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030</a><br><a href="https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029">https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029</a><br><a href="https://www.npmjs.com/package/handlebars">https://www.npmjs.com/package/handlebars</a><br></details> |
| handlebars | CVE-2019-20920 | HIGH | 1.0.0 | 4.5.3, 3.0.8 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2019-20920">https://access.redhat.com/security/cve/CVE-2019-20920</a><br><a href="https://github.com/advisories/GHSA-3cqr-58rm-57f8">https://github.com/advisories/GHSA-3cqr-58rm-57f8</a><br><a href="https://github.com/handlebars-lang/handlebars.js/commit/d54137810a49939fd2ad01a91a34e182ece4528e">https://github.com/handlebars-lang/handlebars.js/commit/d54137810a49939fd2ad01a91a34e182ece4528e</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20920">https://nvd.nist.gov/vuln/detail/CVE-2019-20920</a><br><a href="https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478">https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478</a><br><a href="https://www.npmjs.com/advisories/1316">https://www.npmjs.com/advisories/1316</a><br><a href="https://www.npmjs.com/advisories/1324">https://www.npmjs.com/advisories/1324</a><br><a href="https://www.npmjs.com/package/handlebars">https://www.npmjs.com/package/handlebars</a><br></details> |
| handlebars | GHSA-2cf5-4w76-r9qv | HIGH | 1.0.0 | 4.5.2, 3.0.8 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-2cf5-4w76-r9qv">https://github.com/advisories/GHSA-2cf5-4w76-r9qv</a><br><a href="https://www.npmjs.com/advisories/1316">https://www.npmjs.com/advisories/1316</a><br></details> |
| handlebars | GHSA-g9r4-xpmj-mj65 | HIGH | 1.0.0 | 4.5.3, 3.0.8 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-g9r4-xpmj-mj65">https://github.com/advisories/GHSA-g9r4-xpmj-mj65</a><br><a href="https://www.npmjs.com/advisories/1325">https://www.npmjs.com/advisories/1325</a><br></details> |
| handlebars | GHSA-q2c6-c6pm-g3gh | HIGH | 1.0.0 | 4.5.3, 3.0.8 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-q2c6-c6pm-g3gh">https://github.com/advisories/GHSA-q2c6-c6pm-g3gh</a><br><a href="https://www.npmjs.com/advisories/1324">https://www.npmjs.com/advisories/1324</a><br></details> |
| handlebars | GHSA-q42p-pg8m-cqh6 | HIGH | 1.0.0 | 3.0.7, 4.0.14, 4.1.2 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-q42p-pg8m-cqh6">https://github.com/advisories/GHSA-q42p-pg8m-cqh6</a><br><a href="https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86">https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86</a><br><a href="https://github.com/handlebars-lang/handlebars.js/issues/1495">https://github.com/handlebars-lang/handlebars.js/issues/1495</a><br><a href="https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692">https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692</a><br><a href="https://www.npmjs.com/advisories/755">https://www.npmjs.com/advisories/755</a><br></details> |
| handlebars | CVE-2015-8861 | MEDIUM | 1.0.0 | &gt;=4.0.0 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2016/04/20/11">http://www.openwall.com/lists/oss-security/2016/04/20/11</a><br><a href="http://www.securityfocus.com/bid/96434">http://www.securityfocus.com/bid/96434</a><br><a href="https://blog.srcclr.com/handlebars_vulnerability_research_findings/">https://blog.srcclr.com/handlebars_vulnerability_research_findings/</a><br><a href="https://github.com/advisories/GHSA-9prh-257w-9277">https://github.com/advisories/GHSA-9prh-257w-9277</a><br><a href="https://github.com/wycats/handlebars.js/pull/1083">https://github.com/wycats/handlebars.js/pull/1083</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2015-8861">https://nvd.nist.gov/vuln/detail/CVE-2015-8861</a><br><a href="https://www.npmjs.com/advisories/61">https://www.npmjs.com/advisories/61</a><br><a href="https://www.sourceclear.com/blog/handlebars_vulnerability_research_findings/">https://www.sourceclear.com/blog/handlebars_vulnerability_research_findings/</a><br><a href="https://www.tenable.com/security/tns-2016-18">https://www.tenable.com/security/tns-2016-18</a><br></details> |
| handlebars | NSWG-ECO-519 | MEDIUM | 1.0.0 | &gt;=4.6.0 | <details><summary>Expand...</summary><a href="https://hackerone.com/reports/726364">https://hackerone.com/reports/726364</a><br></details> |
| ini | CVE-2020-7788 | HIGH | 1.0.0 | 1.3.6 | <details><summary>Expand...</summary><a href="https://access.redhat.com/security/cve/CVE-2020-7788">https://access.redhat.com/security/cve/CVE-2020-7788</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788</a><br><a href="https://github.com/advisories/GHSA-qqgx-2p2h-9c37">https://github.com/advisories/GHSA-qqgx-2p2h-9c37</a><br><a href="https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1">https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1</a><br><a href="https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)">https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)</a><br><a href="https://linux.oracle.com/cve/CVE-2020-7788.html">https://linux.oracle.com/cve/CVE-2020-7788.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0350.html">https://linux.oracle.com/errata/ELSA-2022-0350.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html">https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7788">https://nvd.nist.gov/vuln/detail/CVE-2020-7788</a><br><a href="https://snyk.io/vuln/SNYK-JS-INI-1048974">https://snyk.io/vuln/SNYK-JS-INI-1048974</a><br><a href="https://www.npmjs.com/advisories/1589">https://www.npmjs.com/advisories/1589</a><br></details> |
| json | CVE-2020-7712 | HIGH | 1.0.0 | 10.0.0 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-3c6g-pvg8-gqw2">https://github.com/advisories/GHSA-3c6g-pvg8-gqw2</a><br><a href="https://github.com/trentm/json/commit/cc4798169f9e0f181f8aa61905b88479badcd483">https://github.com/trentm/json/commit/cc4798169f9e0f181f8aa61905b88479badcd483</a><br><a href="https://github.com/trentm/json/issues/144">https://github.com/trentm/json/issues/144</a><br><a href="https://github.com/trentm/json/pull/145">https://github.com/trentm/json/pull/145</a><br><a href="https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da@%3Cissues.flink.apache.org%3E">https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da@%3Cissues.flink.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da@%3Cdev.flink.apache.org%3E">https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da@%3Cdev.flink.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2@%3Cissues.flink.apache.org%3E">https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2@%3Cissues.flink.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rb89bd82dffec49f83b49e9ad625b1b63a408b3c7d1a60d6f049142a0@%3Cissues.flink.apache.org%3E">https://lists.apache.org/thread.html/rb89bd82dffec49f83b49e9ad625b1b63a408b3c7d1a60d6f049142a0@%3Cissues.flink.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d@%3Cissues.flink.apache.org%3E">https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d@%3Cissues.flink.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E</a><br><a href="https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E">https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.
| markdown | GHSA-wx77-rp39-c6vg | LOW | 1.0.0 | | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-wx77-rp39-c6vg">https://github.com/advisories/GHSA-wx77-rp39-c6vg</a><br><a href="https://www.npmjs.com/advisories/1330">https://www.npmjs.com/advisories/1330</a><br></details> |
| npm | CVE-2019-16775 | HIGH | 1.0.1 | 6.13.3 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html</a><br><a href="https://access.redhat.com/errata/RHEA-2020:0330">https://access.redhat.com/errata/RHEA-2020:0330</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0573">https://access.redhat.com/errata/RHSA-2020:0573</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0579">https://access.redhat.com/errata/RHSA-2020:0579</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0597">https://access.redhat.com/errata/RHSA-2020:0597</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0602">https://access.redhat.com/errata/RHSA-2020:0602</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-16775">https://access.redhat.com/security/cve/CVE-2019-16775</a><br><a href="https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli">https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli</a><br><a href="https://github.com/advisories/GHSA-m6cx-g6qm-p2cx">https://github.com/advisories/GHSA-m6cx-g6qm-p2cx</a><br><a href="https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx">https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx</a><br><a href="https://linux.oracle.com/cve/CVE-2019-16775.html">https://linux.oracle.com/cve/CVE-2019-16775.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-0579.html">https://linux.oracle.com/errata/ELSA-2020-0579.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16775">https://nvd.nist.gov/vuln/detail/CVE-2019-16775</a><br><a href="https://www.npmjs.com/advisories/1434">https://www.npmjs.com/advisories/1434</a><br><a href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a><br><a href="https://www.oracle.com/security-alerts/cpuoct2021.html">https://www.oracle.com/security-alerts/cpuoct2021.html</a><br></details> |
| npm | CVE-2016-3956 | MEDIUM | 1.0.1 | &gt;= 2.15.1 &lt;= 3.0.0, &gt;= 3.8.3 | <details><summary>Expand...</summary><a href="http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability">http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability</a><br><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21980827">http://www-01.ibm.com/support/docview.wss?uid=swg21980827</a><br><a href="https://access.redhat.com/security/cve/CVE-2016-3956">https://access.redhat.com/security/cve/CVE-2016-3956</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956</a><br><a href="https://github.com/advisories/GHSA-m5h6-hr3q-22h5">https://github.com/advisories/GHSA-m5h6-hr3q-22h5</a><br><a href="https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29">https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29</a><br><a href="https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401">https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401</a><br><a href="https://github.com/npm/npm/issues/8380">https://github.com/npm/npm/issues/8380</a><br><a href="https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/">https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/</a><br><a href="https://nodesecurity.io/advisories/98">https://nodesecurity.io/advisories/98</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2016-3956">https://nvd.nist.gov/vuln/detail/CVE-2016-3956</a><br><a href="https://www.npmjs.com/advisories/98">https://www.npmjs.com/advisories/98</a><br></details> |
| npm | CVE-2013-4116 | LOW | 1.0.1 | &gt;=1.3.3 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2013/07/10/17">http://www.openwall.com/lists/oss-security/2013/07/10/17</a><br><a href="http://www.openwall.com/lists/oss-security/2013/07/11/9">http://www.openwall.com/lists/oss-security/2013/07/11/9</a><br><a href="http://www.securityfocus.com/bid/61083">http://www.securityfocus.com/bid/61083</a><br><a href="https://access.redhat.com/security/cve/CVE-2013-4116">https://access.redhat.com/security/cve/CVE-2013-4116</a><br><a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=983917">https://bugzilla.redhat.com/show_bug.cgi?id=983917</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/87141">https://exchange.xforce.ibmcloud.com/vulnerabilities/87141</a><br><a href="https://github.com/advisories/GHSA-v3jv-wrf4-5845">https://github.com/advisories/GHSA-v3jv-wrf4-5845</a><br><a href="https://github.com/npm/npm/commit/f4d31693">https://github.com/npm/npm/commit/f4d31693</a><br><a href="https://github.com/npm/npm/issues/3635">https://github.com/npm/npm/issues/3635</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2013-4116">https://nvd.nist.gov/vuln/detail/CVE-2013-4116</a><br><a href="https://www.npmjs.com/advisories/152">https://www.npmjs.com/advisories/152</a><br></details> |
| npm | CVE-2019-16776 | LOW | 1.0.1 | 6.13.3 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html</a><br><a href="https://access.redhat.com/errata/RHEA-2020:0330">https://access.redhat.com/errata/RHEA-2020:0330</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0573">https://access.redhat.com/errata/RHSA-2020:0573</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0579">https://access.redhat.com/errata/RHSA-2020:0579</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0597">https://access.redhat.com/errata/RHSA-2020:0597</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0602">https://access.redhat.com/errata/RHSA-2020:0602</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-16776">https://access.redhat.com/security/cve/CVE-2019-16776</a><br><a href="https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli">https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli</a><br><a href="https://github.com/advisories/GHSA-x8qc-rrcw-4r46">https://github.com/advisories/GHSA-x8qc-rrcw-4r46</a><br><a href="https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46">https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46</a><br><a href="https://linux.oracle.com/cve/CVE-2019-16776.html">https://linux.oracle.com/cve/CVE-2019-16776.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-0579.html">https://linux.oracle.com/errata/ELSA-2020-0579.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16776">https://nvd.nist.gov/vuln/detail/CVE-2019-16776</a><br><a href="https://www.npmjs.com/advisories/1436">https://www.npmjs.com/advisories/1436</a><br><a href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a><br></details> |
| npm | CVE-2019-16777 | LOW | 1.0.1 | 6.13.4 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html</a><br><a href="https://access.redhat.com/errata/RHEA-2020:0330">https://access.redhat.com/errata/RHEA-2020:0330</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0573">https://access.redhat.com/errata/RHSA-2020:0573</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0579">https://access.redhat.com/errata/RHSA-2020:0579</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0597">https://access.redhat.com/errata/RHSA-2020:0597</a><br><a href="https://access.redhat.com/errata/RHSA-2020:0602">https://access.redhat.com/errata/RHSA-2020:0602</a><br><a href="https://access.redhat.com/security/cve/CVE-2019-16777">https://access.redhat.com/security/cve/CVE-2019-16777</a><br><a href="https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli">https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli</a><br><a href="https://github.com/advisories/GHSA-4328-8hgf-7wjr">https://github.com/advisories/GHSA-4328-8hgf-7wjr</a><br><a href="https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr">https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr</a><br><a href="https://linux.oracle.com/cve/CVE-2019-16777.html">https://linux.oracle.com/cve/CVE-2019-16777.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-0579.html">https://linux.oracle.com/errata/ELSA-2020-0579.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16777">https://nvd.nist.gov/vuln/detail/CVE-2019-16777</a><br><a href="https://security.gentoo.org/glsa/202003-48">https://security.gentoo.org/glsa/202003-48</a><br><a href="https://www.npmjs.com/advisories/1437">https://www.npmjs.com/advisories/1437</a><br><a href="https://www.oracle.com/security-alerts/cpujan2020.html">https://www.oracle.com/security-alerts/cpujan2020.html</a><br></details> |
| npm | CVE-2020-15095 | LOW | 1.0.1 | 6.14.6 | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html">http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html">http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html">http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html</a><br><a href="https://access.redhat.com/security/cve/CVE-2020-15095">https://access.redhat.com/security/cve/CVE-2020-15095</a><br><a href="https://github.com/advisories/GHSA-93f3-23rq-pjfp">https://github.com/advisories/GHSA-93f3-23rq-pjfp</a><br><a href="https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07">https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07</a><br><a href="https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc">https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc</a><br><a href="https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp">https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp</a><br><a href="https://linux.oracle.com/cve/CVE-2020-15095.html">https://linux.oracle.com/cve/CVE-2020-15095.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-0548.html">https://linux.oracle.com/errata/ELSA-2021-0548.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-15095">https://nvd.nist.gov/vuln/detail/CVE-2020-15095</a><br><a href="https://security.gentoo.org/glsa/202101-07">https://security.gentoo.org/glsa/202101-07</a><br></details> |
| pug | CVE-2021-21353 | HIGH | 1.0.0 | 3.0.1 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-p493-635q-r6gr">https://github.com/advisories/GHSA-p493-635q-r6gr</a><br><a href="https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0">https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0</a><br><a href="https://github.com/pugjs/pug/issues/3312">https://github.com/pugjs/pug/issues/3312</a><br><a href="https://github.com/pugjs/pug/pull/3314">https://github.com/pugjs/pug/pull/3314</a><br><a href="https://github.com/pugjs/pug/releases/tag/pug%403.0.1">https://github.com/pugjs/pug/releases/tag/pug%403.0.1</a><br><a href="https://github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr">https://github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-21353">https://nvd.nist.gov/vuln/detail/CVE-2021-21353</a><br><a href="https://www.npmjs.com/package/pug">https://www.npmjs.com/package/pug</a><br><a href="https://www.npmjs.com/package/pug-code-gen">https://www.npmjs.com/package/pug-code-gen</a><br></details> |