--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: wekan/charts/mongodb/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |

Expand...

A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.allowPrivilegeEscalation' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-mongodb' of StatefulSet 'RELEASE-NAME-mongodb' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |

Expand...

Enforcing CPU limits prevents DoS via resource exhaustion.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'resources.limits.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.

Container 'RELEASE-NAME-mongodb' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'autopermissions' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |

Expand...

When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'resources.requests.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015

| | Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |

Expand...

When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'resources.requests.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016

Expand...

Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.privileged' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017

| | Kubernetes Security Check | KSV018 | Memory not limited | LOW |

Expand...

Enforcing memory limits prevents DoS via resource exhaustion.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'resources.limits.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-mongodb' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-mongodb' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of StatefulSet 'RELEASE-NAME-mongodb' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

HostPath volumes must be forbidden.

StatefulSet 'RELEASE-NAME-mongodb' should not set 'spec.template.volumes.hostPath'

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023

| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |

Expand...

Containers should be forbidden from running with a root primary or supplementary GID.

StatefulSet 'RELEASE-NAME-mongodb' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029

| | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |

Expand...

A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.allowPrivilegeEscalation' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001

Expand...

A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.

Container 'mongodb-init' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.allowPrivilegeEscalation' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'RELEASE-NAME-wekan' of Deployment 'RELEASE-NAME-wekan' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |

Expand...

The container should drop all default capabilities and add only those that are needed for its execution.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should add 'ALL' to 'securityContext.capabilities.drop'

Expand...

https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003

| | Kubernetes Security Check | KSV011 | CPU not limited | LOW |

Expand...

Enforcing CPU limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'resources.limits.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

Expand...

'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.

Container 'mongodb-init' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsNonRoot' to true

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'autopermissions' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |

Expand...

Container 'mongodb-init' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.readOnlyRootFilesystem' to true

Expand...

https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014

| | Kubernetes Security Check | KSV015 | CPU requests not specified | LOW |

Expand...

When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'resources.requests.cpu'

Expand...

https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015

| | Kubernetes Security Check | KSV016 | Memory requests not specified | LOW |

Expand...

When containers have memory requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'resources.requests.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv016

Expand...

Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.privileged' to false

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017

| | Kubernetes Security Check | KSV018 | Memory not limited | LOW |

Expand...

Enforcing memory limits prevents DoS via resource exhaustion.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'resources.limits.memory'

Expand...

https://kubesec.io/basics/containers-resources-limits-memory/
https://avd.aquasec.com/appshield/ksv018

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-wekan' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.

Container 'mongodb-init' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsUser' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'RELEASE-NAME-wekan' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'autopermissions' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'hostpatch' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.

Container 'mongodb-init' of Deployment 'RELEASE-NAME-wekan' should set 'securityContext.runAsGroup' > 10000

Expand...

https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021

Expand...

HostPath volumes must be forbidden.

Deployment 'RELEASE-NAME-wekan' should not set 'spec.template.volumes.hostPath'

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023

| | Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |

Expand...

Containers should be forbidden from running with a root primary or supplementary GID.

Deployment 'RELEASE-NAME-wekan' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0

Expand...

https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029

| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/mongodb:v5.0.6@sha256:c6ff92cae3448fa844c81252a1751ee8406aa5c55389d1da2aee069879f12ff3 tccr.io/truecharts/wekan:v6.18@sha256:ec1cbf4e866d100001589aa8e480a954ec375b4677b266bcee36a8cd1d0e69e0 tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 tccr.io/truecharts/mongodb:v5.0.6@sha256:c6ff92cae3448fa844c81252a1751ee8406aa5c55389d1da2aee069879f12ff3 ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | UNKNOWN | 1.34.1-r4 | 1.34.1-r5 |

Expand...

https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661

| | ssl_client | CVE-2022-28391 | UNKNOWN | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |

Expand...

http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3

| #### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) **alpine** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | busybox | CVE-2022-28391 | UNKNOWN | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | ssl_client | CVE-2022-28391 | UNKNOWN | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |

Expand...

| #### Container: tccr.io/truecharts/mongodb:v5.0.6@sha256:c6ff92cae3448fa844c81252a1751ee8406aa5c55389d1da2aee069879f12ff3 (debian 10.12) **debian** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | apt | CVE-2011-3374 | LOW | 1.8.2.3 | |

Expand...

https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374

| | bash | CVE-2019-18276 | LOW | 5.0-4 | |

Expand...

http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://access.redhat.com/security/cve/CVE-2019-18276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-18276
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://www.youtube.com/watch?v=-wGtxJ8opa8

| | bsdutils | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-37600
https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
https://github.com/karelzak/util-linux/issues/1395
https://nvd.nist.gov/vuln/detail/CVE-2021-37600
https://security.netapp.com/advisory/ntap-20210902-0002/

| | bsdutils | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/

| | coreutils | CVE-2016-2781 | LOW | 8.30-3 | |

Expand...

http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://access.redhat.com/security/cve/CVE-2016-2781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
https://nvd.nist.gov/vuln/detail/CVE-2016-2781

| | coreutils | CVE-2017-18018 | LOW | 8.30-3 | |

Expand...

http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
https://access.redhat.com/security/cve/CVE-2017-18018

Expand...

http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22946
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Expand...

http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22947
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | curl | CVE-2021-22898 | LOW | 7.64.0-4+deb10u2 | |

Expand...

http://www.openwall.com/lists/oss-security/2021/07/21/4
https://access.redhat.com/security/cve/CVE-2021-22898
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://nvd.nist.gov/vuln/detail/CVE-2021-22898
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html

| | curl | CVE-2021-22922 | LOW | 7.64.0-4+deb10u2 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-22922
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html

| | curl | CVE-2021-22923 | LOW | 7.64.0-4+deb10u2 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-22923
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html

| | curl | CVE-2021-22924 | LOW | 7.64.0-4+deb10u2 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-22924
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22924
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | fdisk | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | fdisk | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-12886
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
https://www.gnu.org/software/gcc/gcc-8/changes.html

| | gcc-8-base | CVE-2019-15847 | HIGH | 8.3.0-6 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00057.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00058.html
https://access.redhat.com/security/cve/CVE-2019-15847
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481
https://linux.oracle.com/cve/CVE-2019-15847.html
https://linux.oracle.com/errata/ELSA-2020-1864.html
https://nvd.nist.gov/vuln/detail/CVE-2019-15847

| | gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-14855
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14855
https://dev.gnupg.org/T4755
https://eprint.iacr.org/2020/014.pdf
https://lists.gnupg.org/pipermail/gnupg-announce/2019q4/000442.html
https://rwc.iacr.org/2020/slides/Leurent.pdf
https://ubuntu.com/security/notices/USN-4516-1
https://usn.ubuntu.com/4516-1/

| | gzip | CVE-2022-1271 | HIGH | 1.9-3 | |

Expand...

https://access.redhat.com/security/cve/CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
https://www.openwall.com/lists/oss-security/2022/04/07/8

| | libapt-pkg5.0 | CVE-2011-3374 | LOW | 1.8.2.3 | |

Expand...

| | libblkid1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libblkid1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

Expand...

https://access.redhat.com/security/cve/CVE-2021-33574
https://linux.oracle.com/cve/CVE-2021-33574.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/
https://nvd.nist.gov/vuln/detail/CVE-2021-33574
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210629-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1

Expand...

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35942.json
https://access.redhat.com/security/cve/CVE-2021-35942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
https://linux.oracle.com/cve/CVE-2021-35942.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://nvd.nist.gov/vuln/detail/CVE-2021-35942
https://security.netapp.com/advisory/ntap-20210827-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
https://sourceware.org/glibc/wiki/Security%20Exceptions
https://ubuntu.com/security/notices/USN-5310-1

Expand...

https://access.redhat.com/security/cve/CVE-2022-23218
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23218
https://linux.oracle.com/cve/CVE-2022-23218.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://nvd.nist.gov/vuln/detail/CVE-2022-23218
https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2

Expand...

https://access.redhat.com/security/cve/CVE-2022-23219
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23219
https://linux.oracle.com/cve/CVE-2022-23219.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://nvd.nist.gov/vuln/detail/CVE-2022-23219
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2

Expand...

https://access.redhat.com/security/cve/CVE-2020-1751
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1751
https://linux.oracle.com/cve/CVE-2020-1751.html
https://linux.oracle.com/errata/ELSA-2020-4444.html
https://nvd.nist.gov/vuln/detail/CVE-2020-1751
https://security.gentoo.org/glsa/202006-04
https://security.netapp.com/advisory/ntap-20200430-0002/
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
https://ubuntu.com/security/notices/USN-4416-1
https://usn.ubuntu.com/4416-1/

Expand...

https://access.redhat.com/security/cve/CVE-2020-1752
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1752
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1752
https://linux.oracle.com/cve/CVE-2020-1752.html
https://linux.oracle.com/errata/ELSA-2020-4444.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-1752
https://security.gentoo.org/glsa/202101-20
https://security.netapp.com/advisory/ntap-20200511-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=25414
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c
https://ubuntu.com/security/notices/USN-4416-1
https://usn.ubuntu.com/4416-1/

Expand...

http://www.openwall.com/lists/oss-security/2021/01/28/2
https://access.redhat.com/security/cve/CVE-2021-3326
https://bugs.chromium.org/p/project-zero/issues/detail?id=2146
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3326
https://linux.oracle.com/cve/CVE-2021-3326.html
https://linux.oracle.com/errata/ELSA-2021-9344.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3326
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210304-0007/
https://sourceware.org/bugzilla/show_bug.cgi?id=27256
https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888
https://sourceware.org/pipermail/libc-alpha/2021-January/122058.html
https://ubuntu.com/security/notices/USN-5310-1
https://www.oracle.com/security-alerts/cpujan2022.html

Expand...

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json
https://access.redhat.com/security/cve/CVE-2021-3999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4

Expand...

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00033.html
https://access.redhat.com/security/cve/CVE-2020-10029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029
https://linux.oracle.com/cve/CVE-2020-10029.html
https://linux.oracle.com/errata/ELSA-2021-0348.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/23N76M3EDP2GIW4GOIQRYTKRE7PPBRB2/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTFUD5VH2GU3YOXA2KBQSBIDZRDWNZ3/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU5JJGENOK7K4X5RYAA5PL647C6HD22E/
https://nvd.nist.gov/vuln/detail/CVE-2020-10029
https://security.gentoo.org/glsa/202006-04
https://security.netapp.com/advisory/ntap-20200327-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=25487
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=9333498794cde1d5cca518badf79533a24114b6f
https://ubuntu.com/security/notices/USN-4416-1
https://usn.ubuntu.com/4416-1/

Expand...

https://access.redhat.com/security/cve/CVE-2020-27618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618
https://linux.oracle.com/cve/CVE-2020-27618.html
https://linux.oracle.com/errata/ELSA-2021-9344.html
https://nvd.nist.gov/vuln/detail/CVE-2020-27618
https://security.gentoo.org/glsa/202107-07
https://security.netapp.com/advisory/ntap-20210401-0006/
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
https://ubuntu.com/security/notices/USN-5310-1
https://www.oracle.com/security-alerts/cpujan2022.html

| | libc-bin | CVE-2010-4756 | LOW | 2.28-10+deb10u1 | |

Expand...

http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://access.redhat.com/security/cve/CVE-2010-4756
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
https://nvd.nist.gov/vuln/detail/CVE-2010-4756

| | libc-bin | CVE-2016-10228 | LOW | 2.28-10+deb10u1 | |

Expand...

http://openwall.com/lists/oss-security/2017/03/01/10
http://www.securityfocus.com/bid/96525
https://access.redhat.com/security/cve/CVE-2016-10228
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228
https://linux.oracle.com/cve/CVE-2016-10228.html
https://linux.oracle.com/errata/ELSA-2021-9344.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security.gentoo.org/glsa/202101-20
https://sourceware.org/bugzilla/show_bug.cgi?id=19519
https://sourceware.org/bugzilla/show_bug.cgi?id=19519#c21
https://sourceware.org/bugzilla/show_bug.cgi?id=26224
https://ubuntu.com/security/notices/USN-5310-1

| | libc-bin | CVE-2018-20796 | LOW | 2.28-10+deb10u1 | |

Expand...

http://www.securityfocus.com/bid/107160
https://access.redhat.com/security/cve/CVE-2018-20796
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-20796
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS

| | libc-bin | CVE-2019-1010022 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-1010022
https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022

| | libc-bin | CVE-2019-1010023 | LOW | 2.28-10+deb10u1 | |

Expand...

http://www.securityfocus.com/bid/109167
https://access.redhat.com/security/cve/CVE-2019-1010023
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023

| | libc-bin | CVE-2019-1010024 | LOW | 2.28-10+deb10u1 | |

Expand...

http://www.securityfocus.com/bid/109162
https://access.redhat.com/security/cve/CVE-2019-1010024
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024

| | libc-bin | CVE-2019-1010025 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-1010025
https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025

| | libc-bin | CVE-2019-19126 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-19126
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126
https://linux.oracle.com/cve/CVE-2019-19126.html
https://linux.oracle.com/errata/ELSA-2020-3861.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FQ5LC6JOYSOYFPRUZ4S45KL6IP3RPPZ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/
https://nvd.nist.gov/vuln/detail/CVE-2019-19126
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
https://sourceware.org/ml/libc-alpha/2019-11/msg00649.html
https://ubuntu.com/security/notices/USN-4416-1
https://usn.ubuntu.com/4416-1/

| | libc-bin | CVE-2019-9192 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS

| | libc-bin | CVE-2020-6096 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2020-6096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6096
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYXTDOOB4PQGTYAMZAZNJIB3FF6YQXI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/URXOIA2LDUKHQXK4BE55BQBRI6ZZG3Y6/
https://nvd.nist.gov/vuln/detail/CVE-2020-6096
https://security.gentoo.org/glsa/202101-20
https://sourceware.org/bugzilla/attachment.cgi?id=12334
https://sourceware.org/bugzilla/show_bug.cgi?id=25620
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
https://ubuntu.com/security/notices/USN-4954-1
https://ubuntu.com/security/notices/USN-5310-1
https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1019

| | libc-bin | CVE-2021-27645 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-27645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
https://linux.oracle.com/cve/CVE-2021-27645.html
https://linux.oracle.com/errata/ELSA-2021-9560.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/
https://sourceware.org/bugzilla/show_bug.cgi?id=27462
https://ubuntu.com/security/notices/USN-5310-1

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

| | libc6 | CVE-2010-4756 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2016-10228 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2018-20796 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010022 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010023 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010024 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010025 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-19126 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-9192 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS

| | libc6 | CVE-2020-6096 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2021-27645 | LOW | 2.28-10+deb10u1 | |

Expand...

Expand...

Expand...

| | libcurl4 | CVE-2021-22898 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libcurl4 | CVE-2021-22922 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libcurl4 | CVE-2021-22923 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libcurl4 | CVE-2021-22924 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libfdisk1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libfdisk1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-12886
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
https://www.gnu.org/software/gcc/gcc-8/changes.html

| | libgcc1 | CVE-2019-15847 | HIGH | 8.3.0-6 | |

Expand...

Expand...

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33560.json
https://access.redhat.com/security/cve/CVE-2021-33560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560
https://dev.gnupg.org/T5305
https://dev.gnupg.org/T5328
https://dev.gnupg.org/T5466
https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
https://eprint.iacr.org/2021/923
https://linux.oracle.com/cve/CVE-2021-33560.html
https://linux.oracle.com/errata/ELSA-2022-9263.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/
https://nvd.nist.gov/vuln/detail/CVE-2021-33560
https://ubuntu.com/security/notices/USN-5080-1
https://ubuntu.com/security/notices/USN-5080-2
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00060.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html
http://www.openwall.com/lists/oss-security/2019/10/02/2
https://access.redhat.com/security/cve/CVE-2019-13627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627
https://dev.gnupg.org/T4683
https://github.com/gpg/libgcrypt/releases/tag/libgcrypt-1.8.5
https://linux.oracle.com/cve/CVE-2019-13627.html
https://linux.oracle.com/errata/ELSA-2020-4482.html
https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html
https://minerva.crocs.fi.muni.cz/
https://security-tracker.debian.org/tracker/CVE-2019-13627
https://security.gentoo.org/glsa/202003-32
https://ubuntu.com/security/notices/USN-4236-1
https://ubuntu.com/security/notices/USN-4236-2
https://ubuntu.com/security/notices/USN-4236-3
https://usn.ubuntu.com/4236-1/
https://usn.ubuntu.com/4236-2/
https://usn.ubuntu.com/4236-3/

| | libgcrypt20 | CVE-2018-6829 | LOW | 1.8.4-5+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-6829
https://github.com/weikengchen/attack-on-libgcrypt-elgamal
https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
https://www.oracle.com/security-alerts/cpujan2020.html

Expand...

https://access.redhat.com/security/cve/CVE-2021-4209

| | libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | |

Expand...

http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132872385320240&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://osvdb.org/74829
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.debian.org/security/2012/dsa-2398
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.kb.cert.org/vuls/id/864643
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
http://www.securityfocus.com/bid/49388
http://www.securityfocus.com/bid/49778
http://www.securitytracker.com/id/1029190
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.ubuntu.com/usn/USN-1263-1
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
https://access.redhat.com/security/cve/CVE-2011-3389
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://linux.oracle.com/cve/CVE-2011-3389.html
https://linux.oracle.com/errata/ELSA-2011-1380.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
https://ubuntu.com/security/notices/USN-1263-1

| | libgssapi-krb5-2 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://access.redhat.com/security/cve/CVE-2004-0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497

| | libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-5709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00009.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12290
https://gitlab.com/libidn/libidn2/commit/241e8f486134793cb0f4a5b0e5817a97883401f5
https://gitlab.com/libidn/libidn2/commit/614117ef6e4c60e1950d742e3edf0a0ef8d389de
https://gitlab.com/libidn/libidn2/merge_requests/71
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFT76Y7OSGPZV3EBEHD6ISVUM3DLARM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXDKYWFV6N2HHVSE67FFDM7G3FEL2ZNE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ONG3GJRRJO35COPGVJXXSZLU4J5Y42AT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSI4TI2JTQWQ3YEUX5X36GTVGKO4QKZ5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6ZXL2RDNQRAHCMKWPOMJFKYJ344X4HL/
https://security.gentoo.org/glsa/202003-63
https://ubuntu.com/security/notices/USN-4168-1
https://usn.ubuntu.com/4168-1/

| | libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libk5crypto3 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5-3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5-3 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5support0 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5support0 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libldap-2.4-2 | CVE-2015-3276 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://rhn.redhat.com/errata/RHSA-2015-2131.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securitytracker.com/id/1034221
https://access.redhat.com/security/cve/CVE-2015-3276
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://linux.oracle.com/cve/CVE-2015-3276.html
https://linux.oracle.com/errata/ELSA-2015-2131.html
https://nvd.nist.gov/vuln/detail/CVE-2015-3276

| | libldap-2.4-2 | CVE-2017-14159 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://www.openldap.org/its/index.cgi?findid=8703
https://access.redhat.com/security/cve/CVE-2017-14159

| | libldap-2.4-2 | CVE-2017-17740 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
http://www.openldap.org/its/index.cgi/Incoming?id=8759
https://access.redhat.com/security/cve/CVE-2017-17740
https://kc.mcafee.com/corporate/index?page=content&id=SB10365

| | libldap-2.4-2 | CVE-2020-15719 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html
https://access.redhat.com/errata/RHBA-2019:3674
https://access.redhat.com/security/cve/CVE-2020-15719
https://bugs.openldap.org/show_bug.cgi?id=9266
https://bugzilla.redhat.com/show_bug.cgi?id=1740070
https://kc.mcafee.com/corporate/index?page=content&id=SB10365

| | libldap-common | CVE-2015-3276 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-common | CVE-2017-14159 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://www.openldap.org/its/index.cgi?findid=8703
https://access.redhat.com/security/cve/CVE-2017-14159

| | libldap-common | CVE-2017-17740 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-common | CVE-2020-15719 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | liblz4-1 | CVE-2019-17543 | LOW | 1.8.3-1+deb10u1 | |

Expand...

| | liblzma5 | CVE-2022-1271 | HIGH | 5.2.4-1 | |

Expand...

| | libmount1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libmount1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | libncurses6 | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537

| | libncursesw6 | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://access.redhat.com/security/cve/CVE-2020-11080
https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
https://linux.oracle.com/cve/CVE-2020-11080.html
https://linux.oracle.com/errata/ELSA-2020-5765.html
https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/
https://nvd.nist.gov/vuln/detail/CVE-2020-11080
https://www.debian.org/security/2020/dsa-4696
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | |

Expand...

http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
https://access.redhat.com/security/cve/CVE-2020-14155
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
https://linux.oracle.com/cve/CVE-2020-14155.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-14155
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.pcre.org/original/changelog.txt

| | libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12 | |

Expand...

http://openwall.com/lists/oss-security/2017/07/11/3
http://www.securityfocus.com/bid/99575
https://access.redhat.com/security/cve/CVE-2017-11164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

| | libpcre3 | CVE-2017-16231 | LOW | 2:8.39-12 | |

Expand...

http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2018/Dec/33
http://www.openwall.com/lists/oss-security/2017/11/01/11
http://www.openwall.com/lists/oss-security/2017/11/01/3
http://www.openwall.com/lists/oss-security/2017/11/01/7
http://www.openwall.com/lists/oss-security/2017/11/01/8
http://www.securityfocus.com/bid/101688
https://access.redhat.com/security/cve/CVE-2017-16231
https://bugs.exim.org/show_bug.cgi?id=2047

| | libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | |

Expand...

http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/security/cve/CVE-2017-7245
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25

| | libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | |

Expand...

http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/security/cve/CVE-2017-7246
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25

| | libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | |

Expand...

http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://access.redhat.com/security/cve/CVE-2019-20838
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-20838
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.pcre.org/original/changelog.txt

| | libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html
https://access.redhat.com/errata/RHSA-2019:3624
https://access.redhat.com/security/cve/CVE-2019-9893
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
https://github.com/seccomp/libseccomp/issues/139
https://linux.oracle.com/cve/CVE-2019-9893.html
https://linux.oracle.com/errata/ELSA-2019-3624.html
https://seclists.org/oss-sec/2019/q1/179
https://security.gentoo.org/glsa/201904-18
https://ubuntu.com/security/notices/USN-4001-1
https://ubuntu.com/security/notices/USN-4001-2
https://usn.ubuntu.com/4001-1/
https://usn.ubuntu.com/4001-2/
https://www.openwall.com/lists/oss-security/2019/03/15/1

| | libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-36084
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/

| | libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-36085
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/

| | libsepol1 | CVE-2021-36086 | LOW | 2.8-1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-36086
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
https://linux.oracle.com/cve/CVE-2021-36086.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/

| | libsepol1 | CVE-2021-36087 | LOW | 2.8-1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-36087
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087
https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
https://linux.oracle.com/cve/CVE-2021-36087.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/

| | libsmartcols1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libsmartcols1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-13115
https://blog.semmle.com/libssh2-integer-overflow/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13115
https://github.com/libssh2/libssh2/compare/02ecf17...42d37aa
https://github.com/libssh2/libssh2/pull/350
https://libssh2.org/changes.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/07/msg00024.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6LUNHPW64IGCASZ4JQ2J5KDXNZN53DWW/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M7IF3LNHOA75O4WZWIHJLIRMA5LJUED3/
https://security.netapp.com/advisory/ntap-20190806-0002/
https://support.f5.com/csp/article/K13322484
https://support.f5.com/csp/article/K13322484?utm_source=f5support&utm_medium=RSS

| | libssh2-1 | CVE-2019-17498 | LOW | 1.8.0-2.1 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00026.html
https://access.redhat.com/security/cve/CVE-2019-17498
https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17498
https://github.com/kevinbackhouse/SecurityExploits/tree/8cbdbbe6363510f7d9ceec685373da12e6fc752d/libssh2/out_of_bounds_read_disconnect_CVE-2019-17498
https://github.com/libssh2/libssh2/blob/42d37aa63129a1b2644bf6495198923534322d64/src/packet.c#L480
https://github.com/libssh2/libssh2/commit/dedcbd106f8e52d5586b0205bc7677e4c9868f9c
https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94
https://linux.oracle.com/cve/CVE-2019-17498.html
https://linux.oracle.com/errata/ELSA-2020-3915.html
https://lists.debian.org/debian-lts-announce/2019/11/msg00010.html
https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22H4Q5XMGS3QNSA7OCL3U7UQZ4NXMR5O/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY7EEE34RFKCTXTMBQQWWSLXZWSCXNDB/
https://nvd.nist.gov/vuln/detail/CVE-2019-17498

| | libssl1.1 | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
http://www.securityfocus.com/bid/63657
https://access.redhat.com/security/cve/CVE-2007-6755
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html

| | libssl1.1 | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/
http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
http://www.osvdb.org/62808
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
https://access.redhat.com/security/cve/CVE-2010-0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/56750

| | libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-12886
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
https://www.gnu.org/software/gcc/gcc-8/changes.html

| | libstdc++6 | CVE-2019-15847 | HIGH | 8.3.0-6 | |

Expand...

Expand...

http://www.securityfocus.com/bid/108116
https://access.redhat.com/security/cve/CVE-2019-3843
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3843
https://github.com/systemd/systemd-stable/pull/54 (backport for v241-stable)
https://linux.oracle.com/cve/CVE-2019-3843.html
https://linux.oracle.com/errata/ELSA-2020-1794.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JXQAKSTMABZ46EVCRMW62DHWYHTTFES/
https://nvd.nist.gov/vuln/detail/CVE-2019-3843
https://security.netapp.com/advisory/ntap-20190619-0002/
https://ubuntu.com/security/notices/USN-4269-1
https://usn.ubuntu.com/4269-1/

Expand...

http://www.securityfocus.com/bid/108096
https://access.redhat.com/security/cve/CVE-2019-3844
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3844
https://linux.oracle.com/cve/CVE-2019-3844.html
https://linux.oracle.com/errata/ELSA-2020-1794.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-3844
https://security.netapp.com/advisory/ntap-20190619-0002/
https://ubuntu.com/security/notices/USN-4269-1
https://usn.ubuntu.com/4269-1/

Expand...

https://access.redhat.com/security/cve/CVE-2021-3997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3997
https://ubuntu.com/security/notices/USN-5226-1
https://www.openwall.com/lists/oss-security/2022/01/10/2

| | libsystemd0 | CVE-2013-4392 | LOW | 241-7~deb10u8 | |

Expand...

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
http://www.openwall.com/lists/oss-security/2013/10/01/9
https://access.redhat.com/security/cve/CVE-2013-4392
https://bugzilla.redhat.com/show_bug.cgi?id=859060

| | libsystemd0 | CVE-2019-20386 | LOW | 241-7~deb10u8 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00014.html
https://access.redhat.com/security/cve/CVE-2019-20386
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20386
https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad
https://linux.oracle.com/cve/CVE-2019-20386.html
https://linux.oracle.com/errata/ELSA-2020-4553.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZPCOMW5X6IZZXASCDD2CNW2DLF3YADC/
https://nvd.nist.gov/vuln/detail/CVE-2019-20386
https://security.netapp.com/advisory/ntap-20200210-0002/
https://ubuntu.com/security/notices/USN-4269-1
https://usn.ubuntu.com/4269-1/

| | libsystemd0 | CVE-2020-13529 | LOW | 241-7~deb10u8 | |

Expand...

http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://access.redhat.com/security/cve/CVE-2020-13529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2

| | libsystemd0 | CVE-2020-13776 | LOW | 241-7~deb10u8 | |

Expand...

https://access.redhat.com/security/cve/CVE-2020-13776
https://github.com/systemd/systemd/issues/15985
https://linux.oracle.com/cve/CVE-2020-13776.html
https://linux.oracle.com/errata/ELSA-2021-1611.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYGLFEKG45EYBJ7TPQMLWROWPTZBEU63/
https://nvd.nist.gov/vuln/detail/CVE-2020-13776
https://security.netapp.com/advisory/ntap-20200611-0003/

| | libtasn1-6 | CVE-2018-1000654 | LOW | 4.13-3 | |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00018.html
http://www.securityfocus.com/bid/105151
https://access.redhat.com/security/cve/CVE-2018-1000654
https://gitlab.com/gnutls/libtasn1/issues/4
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E

| | libtinfo6 | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

Expand...

Expand...

Expand...

| | libudev1 | CVE-2013-4392 | LOW | 241-7~deb10u8 | |

Expand...

| | libudev1 | CVE-2019-20386 | LOW | 241-7~deb10u8 | |

Expand...

| | libudev1 | CVE-2020-13529 | LOW | 241-7~deb10u8 | |

Expand...

| | libudev1 | CVE-2020-13776 | LOW | 241-7~deb10u8 | |

Expand...

| | libuuid1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libuuid1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | login | CVE-2007-5686 | LOW | 1:4.5-1.1 | |

Expand...

http://secunia.com/advisories/27215
http://www.securityfocus.com/archive/1/482129/100/100/threaded
http://www.securityfocus.com/archive/1/482857/100/0/threaded
http://www.securityfocus.com/bid/26048
http://www.vupen.com/english/advisories/2007/3474
https://issues.rpath.com/browse/RPL-1825

| | login | CVE-2013-4235 | LOW | 1:4.5-1.1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235

| | login | CVE-2018-7169 | LOW | 1:4.5-1.1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-7169
https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
https://github.com/shadow-maint/shadow/pull/97
https://security.gentoo.org/glsa/201805-09
https://ubuntu.com/security/notices/USN-5254-1

| | login | CVE-2019-19882 | LOW | 1:4.5-1.1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-19882
https://bugs.archlinux.org/task/64836
https://bugs.gentoo.org/702252
https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
https://github.com/shadow-maint/shadow/pull/199
https://github.com/void-linux/void-packages/pull/17580
https://security.gentoo.org/glsa/202008-09

| | mount | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | mount | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | ncurses-base | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

| | openssl | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

| | openssl | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

| | passwd | CVE-2007-5686 | LOW | 1:4.5-1.1 | |

Expand...

| | passwd | CVE-2013-4235 | LOW | 1:4.5-1.1 | |

Expand...

| | passwd | CVE-2018-7169 | LOW | 1:4.5-1.1 | |

Expand...

| | passwd | CVE-2019-19882 | LOW | 1:4.5-1.1 | |

Expand...

Expand...

http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan

| | perl-base | CVE-2011-4116 | LOW | 5.28.1-6+deb10u1 | |

Expand...

http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://access.redhat.com/security/cve/CVE-2011-4116
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238

| | tar | CVE-2005-2541 | LOW | 1.30+dfsg-6 | |

Expand...

http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://access.redhat.com/security/cve/CVE-2005-2541
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E

| | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |

Expand...

http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
http://savannah.gnu.org/bugs/?55369
https://access.redhat.com/security/cve/CVE-2019-9923
https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://ubuntu.com/security/notices/USN-4692-1

| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-20193
https://bugzilla.redhat.com/show_bug.cgi?id=1917565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20193
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
https://savannah.gnu.org/bugs/?59897
https://security.gentoo.org/glsa/202105-29
https://ubuntu.com/security/notices/USN-5329-1

| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | util-linux | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | github.com/opencontainers/runc | CVE-2021-43784 | MEDIUM | v1.0.1 | v1.0.3 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-43784
https://bugs.chromium.org/p/project-zero/issues/detail?id=2241
https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554
https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae
https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed
https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f
https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html
https://nvd.nist.gov/vuln/detail/CVE-2021-43784

| **gobinary** | No Vulnerabilities found | |:---------------------------------| **gobinary** | No Vulnerabilities found | |:---------------------------------| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| #### Container: tccr.io/truecharts/wekan:v6.18@sha256:ec1cbf4e866d100001589aa8e480a954ec375b4677b266bcee36a8cd1d0e69e0 (ubuntu 21.10) **ubuntu** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | coreutils | CVE-2016-2781 | LOW | 8.32-4ubuntu2 | |

Expand...

Expand...

| | libgmp10 | CVE-2021-43618 | LOW | 2:6.2.1+dfsg-1ubuntu2 | |

Expand...

https://access.redhat.com/security/cve/CVE-2021-43618
https://bugs.debian.org/994405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2021-43618

| | libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.18.3-6 | |

Expand...

| | libk5crypto3 | CVE-2018-5709 | LOW | 1.18.3-6 | |

Expand...

| | libkrb5-3 | CVE-2018-5709 | LOW | 1.18.3-6 | |

Expand...

| | libkrb5support0 | CVE-2018-5709 | LOW | 1.18.3-6 | |

Expand...

| | libpcre3 | CVE-2017-11164 | LOW | 2:8.39-13build3 | |

Expand...

| | libpcre3 | CVE-2019-20838 | LOW | 2:8.39-13build3 | |

Expand...

| | libsepol1 | CVE-2021-36084 | LOW | 3.1-1ubuntu2 | |

Expand...

| | libsepol1 | CVE-2021-36085 | LOW | 3.1-1ubuntu2 | |

Expand...

| | libsepol1 | CVE-2021-36086 | LOW | 3.1-1ubuntu2 | |

Expand...

| | libsepol1 | CVE-2021-36087 | LOW | 3.1-1ubuntu2 | |

Expand...

| | login | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu9 | |

Expand...

| | passwd | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu9 | |

Expand...

Expand...

| | tar | CVE-2019-9923 | LOW | 1.34+dfsg-1build1 | |

Expand...

| **node-pkg** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | @braintree/sanitize-url | CVE-2021-23648 | MEDIUM | 3.1.0 | 6.0.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23648
https://github.com/advisories/GHSA-hqq7-2q2v-82xq
https://github.com/braintree/sanitize-url/blob/main/src/index.ts%23L11
https://github.com/braintree/sanitize-url/pull/40
https://github.com/braintree/sanitize-url/pull/40/commits/e5afda45d9833682b705f73fc2c1265d34832183
https://nvd.nist.gov/vuln/detail/CVE-2021-23648
https://snyk.io/vuln/SNYK-JS-BRAINTREESANITIZEURL-2339882

Expand...

https://github.com/acornjs/acorn/commit/793c0e569ed1158672e3a40aeed1d8518832b802
https://github.com/acornjs/acorn/issues/929
https://github.com/advisories/GHSA-6chw-6frg-f759
https://snyk.io/vuln/SNYK-JS-ACORN-559469
https://www.npmjs.com/advisories/1488

Expand...

| | ajv | CVE-2020-15366 | MEDIUM | 5.5.2 | 6.12.3 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-15366
https://github.com/advisories/GHSA-v88g-cgmw-v5xw
https://github.com/ajv-validator/ajv/commit/65b2f7d76b190ac63a0d4e9154c712d7aa37049f
https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
https://github.com/ajv-validator/ajv/tags
https://hackerone.com/bugs?subject=user&report_id=894259
https://linux.oracle.com/cve/CVE-2020-15366.html
https://linux.oracle.com/errata/ELSA-2021-0551.html
https://nvd.nist.gov/vuln/detail/CVE-2020-15366
https://snyk.io/vuln/SNYK-JS-AJV-584908

Expand...

https://github.com/advisories/GHSA-j4mr-9xw3-c9jx
https://hackerone.com/reports/321692
https://nodesecurity.io/advisories/660
https://www.npmjs.com/advisories/660

Expand...

https://hackerone.com/reports/321692

| | bl | CVE-2020-8244 | HIGH | 0.9.4 | 2.2.1, 1.2.3, 4.0.3, 3.0.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-8244
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8244
https://github.com/advisories/GHSA-pp7h-53gx-mx7r
https://github.com/rvagg/bl/commit/8a8c13c880e2bef519133ea43e0e9b78b5d0c91e
https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
https://github.com/rvagg/bl/commit/dacc4ac7d5fcd6201bcf26fbd886951be9537466
https://hackerone.com/reports/966347
https://nvd.nist.gov/vuln/detail/CVE-2020-8244
https://ubuntu.com/security/notices/USN-5098-1

| | bl | GHSA-wrw9-m778-g6mc | MEDIUM | 0.9.4 | 1.0.1, 0.9.5 |

Expand...

https://github.com/advisories/GHSA-wrw9-m778-g6mc
https://github.com/rvagg/bl/pull/22
https://www.npmjs.com/advisories/596

| | bl | NSWG-ECO-391 | MEDIUM | 0.9.4 | >=1.0.1, >=0.9.5 <1.0.0 |

Expand...

https://github.com/rvagg/bl/pull/22

| | brace-expansion | CVE-2017-18077 | HIGH | 1.1.6 | 1.1.7 |

Expand...

https://access.redhat.com/security/cve/CVE-2017-18077
https://bugs.debian.org/862712
https://github.com/advisories/GHSA-832h-xg76-4gv6
https://github.com/juliangruber/brace-expansion/issues/33
https://github.com/juliangruber/brace-expansion/pull/35
https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3
https://nodesecurity.io/advisories/338
https://nvd.nist.gov/vuln/detail/CVE-2017-18077
https://www.npmjs.com/advisories/338

Expand...

https://github.com/juliangruber/brace-expansion/issues/33
https://github.com/juliangruber/brace-expansion/pull/35
https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3

| | braces | CVE-2018-1109 | LOW | 1.8.5 | 2.3.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-1109
https://bugzilla.redhat.com/show_bug.cgi?id=1547272
https://github.com/advisories/GHSA-cwfw-4gq5-mrqx
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
https://nvd.nist.gov/vuln/detail/CVE-2018-1109
https://snyk.io/vuln/npm:braces:20180219

| | braces | GHSA-g95f-p29q-9xw4 | LOW | 1.8.5 | 2.3.1 |

Expand...

https://github.com/advisories/GHSA-g95f-p29q-9xw4
https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
https://snyk.io/vuln/npm:braces:20180219
https://www.npmjs.com/advisories/786

| | browserslist | CVE-2021-23364 | MEDIUM | 4.16.3 | 4.16.5 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23364
https://github.com/advisories/GHSA-w8qv-6jwh-64r5
https://github.com/browserslist/browserslist/blob/e82f32d1d4100d6bc79ea0b6b6a2d281a561e33c/index.js%23L472-L474
https://github.com/browserslist/browserslist/commit/c091916910dfe0b5fd61caad96083c6709b02d98
https://github.com/browserslist/browserslist/pull/593
https://nvd.nist.gov/vuln/detail/CVE-2021-23364
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1277182
https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194

| | browserslist | CVE-2021-23364 | MEDIUM | 4.16.4 | 4.16.5 |

Expand...

| | bson | CVE-2018-13863 | HIGH | 0.5.7 | 1.0.5 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-13863
https://github.com/advisories/GHSA-8462-q7x7-g2x4
https://github.com/mongodb/js-bson/commit/bd61c45157c53a1698ff23770160cf4783e9ea4a
https://nvd.nist.gov/vuln/detail/CVE-2018-13863
https://snyk.io/vuln/npm:bson:20180225

| | bson | CVE-2020-7610 | HIGH | 0.5.7 | 1.1.4 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-7610
https://github.com/advisories/GHSA-v8w9-2789-6hhr
https://nvd.nist.gov/vuln/detail/CVE-2020-7610
https://snyk.io/vuln/SNYK-JS-BSON-561052

| | bson | CVE-2019-2391 | MEDIUM | 0.5.7 | 1.1.4 |

Expand...

https://github.com/advisories/GHSA-4jwp-vfvf-657p
https://github.com/mongodb/js-bson/releases/tag/v1.1.4
https://nvd.nist.gov/vuln/detail/CVE-2019-2391

| | debug | CVE-2017-16137 | LOW | 2.2.0 | 3.1.0, 2.6.9 |

Expand...

https://access.redhat.com/security/cve/CVE-2017-16137
https://github.com/advisories/GHSA-gxpj-cx7g-858c
https://github.com/visionmedia/debug/issues/501
https://github.com/visionmedia/debug/pull/504
https://lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3E
https://lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3E
https://nodesecurity.io/advisories/534
https://nvd.nist.gov/vuln/detail/CVE-2017-16137
https://www.npmjs.com/advisories/534

| | debug | CVE-2017-16137 | LOW | 2.6.1 | 3.1.0, 2.6.9 |

Expand...

| | debug | CVE-2017-16137 | LOW | 2.6.3 | 3.1.0, 2.6.9 |

Expand...

| | extend | CVE-2018-16492 | MEDIUM | 3.0.0 | 2.0.2, 3.0.2 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-16492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16492
https://github.com/advisories/GHSA-qrmc-fj45-qfc2
https://hackerone.com/reports/381185
https://nvd.nist.gov/vuln/detail/CVE-2018-16492
https://snyk.io/vuln/npm:extend:20180424
https://www.npmjs.com/advisories/996

| | fresh | CVE-2017-16119 | HIGH | 0.3.0 | 0.5.2 |

Expand...

https://access.redhat.com/security/cve/CVE-2017-16119
https://github.com/advisories/GHSA-9qj9-36jm-prpv
https://nodesecurity.io/advisories/526
https://nvd.nist.gov/vuln/detail/CVE-2017-16119
https://www.npmjs.com/advisories/526

| | glob-parent | CVE-2020-28469 | HIGH | 2.0.0 | 5.1.2 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-28469
https://github.com/advisories/GHSA-ww39-953v-wcq6
https://github.com/gulpjs/glob-parent/blob/6ce8d11f2f1ed8e80a9526b1dc8cf3aa71f43474/index.js%23L9
https://github.com/gulpjs/glob-parent/pull/36
https://github.com/gulpjs/glob-parent/releases/tag/v5.1.2
https://linux.oracle.com/cve/CVE-2020-28469.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2020-28469
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBES128-1059093
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059092
https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
https://www.oracle.com/security-alerts/cpujan2022.html

| | hawk | CVE-2016-2515 | MEDIUM | 1.1.1 | >=3.1.3 < 4.0.0, >=4.1.1 |

Expand...

http://www.openwall.com/lists/oss-security/2016/02/20/1
http://www.openwall.com/lists/oss-security/2016/02/20/2
https://access.redhat.com/security/cve/CVE-2016-2515
https://bugzilla.redhat.com/show_bug.cgi?id=1309721
https://github.com/advisories/GHSA-jcpv-g9rr-qxrc
https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa
https://github.com/hueniverse/hawk/issues/168
https://nodesecurity.io/advisories/77
https://nvd.nist.gov/vuln/detail/CVE-2016-2515
https://www.npmjs.com/advisories/77
https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

| | hoek | CVE-2018-3728 | LOW | 0.9.1 | >=5.0.3 >=4.2.1 |

Expand...

http://www.securityfocus.com/bid/103108
https://access.redhat.com/errata/RHSA-2018:1263
https://access.redhat.com/errata/RHSA-2018:1264
https://access.redhat.com/security/cve/CVE-2018-3728
https://github.com/advisories/GHSA-jp4x-w63m-7wgm
https://github.com/hapijs/hoek/commit/32ed5c9413321fbc37da5ca81a7cbab693786dee
https://hackerone.com/reports/310439
https://nodesecurity.io/advisories/566
https://nvd.nist.gov/vuln/detail/CVE-2018-3728
https://snyk.io/vuln/npm:hoek:20180212
https://www.npmjs.com/advisories/566

| | hoek | CVE-2018-3728 | LOW | 2.16.3 | >=5.0.3 >=4.2.1 |

Expand...

| | hosted-git-info | CVE-2021-23362 | MEDIUM | 2.1.5 | 2.8.9, 3.0.8 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23362
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://github.com/advisories/GHSA-43f8-2h32-f4cj
https://github.com/npm/hosted-git-info/commit/29adfe5ef789784c861b2cdeb15051ec2ba651a7
https://github.com/npm/hosted-git-info/commit/8d4b3697d79bcd89cdb36d1db165e3696c783a01
https://github.com/npm/hosted-git-info/commit/bede0dc38e1785e732bf0a48ba6f81a4a908eba3
https://github.com/npm/hosted-git-info/commits/v2
https://github.com/npm/hosted-git-info/pull/76
https://linux.oracle.com/cve/CVE-2021-23362.html
https://linux.oracle.com/errata/ELSA-2021-3074.html
https://nvd.nist.gov/vuln/detail/CVE-2021-23362
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088356
https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355

| | ini | CVE-2020-7788 | HIGH | 1.3.4 | 1.3.6 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-7788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
https://github.com/advisories/GHSA-qqgx-2p2h-9c37
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
https://linux.oracle.com/cve/CVE-2020-7788.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7788
https://snyk.io/vuln/SNYK-JS-INI-1048974
https://www.npmjs.com/advisories/1589

| | is-my-json-valid | CVE-2018-1107 | MEDIUM | 2.15.0 | 1.4.1, 2.17.2 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-1107
https://bugzilla.redhat.com/show_bug.cgi?id=1546357
https://github.com/advisories/GHSA-4hpf-3wq7-5rpr
https://github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976
https://github.com/mafintosh/is-my-json-valid/pull/159
https://nvd.nist.gov/vuln/detail/CVE-2018-1107
https://snyk.io/vuln/npm:is-my-json-valid:20180214

| | is-my-json-valid | NSWG-ECO-375 | LOW | 2.15.0 | >=1.4.1 <2.0.0, >=2.17.2 |

Expand...

https://github.com/mafintosh/is-my-json-valid/commit/b3051b277f7caa08cd2edc6f74f50aeda65d2976
https://github.com/mafintosh/is-my-json-valid/pull/159
https://hackerone.com/reports/317548

Expand...

https://github.com/jquery/jquery/commit/b078a62013782c7424a4a61a240c23c4c0b42614)
https://github.com/jquery/jquery/issues/2432)
https://github.com/jquery/jquery/pull/2588)

| | jquery | CVE-2015-9251 | MEDIUM | 2.2.4 | 3.0.0 |

Expand...

| | jquery | CVE-2019-11358 | MEDIUM | 2.2.4 | >=3.4.0 |

Expand...

| | jquery | CVE-2020-11022 | MEDIUM | 2.2.4 | 3.5.0 |

Expand...

| | jquery | CVE-2020-11023 | MEDIUM | 2.2.4 | 3.5.0 |

Expand...

| | json-schema | CVE-2021-3918 | MEDIUM | 0.2.3 | 0.4.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-3918
https://github.com/advisories/GHSA-896r-f27r-55mw
https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
https://linux.oracle.com/cve/CVE-2021-3918.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3918

| | jsonpointer | CVE-2021-23807 | MEDIUM | 4.0.0 | 5.0.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23807
https://github.com/advisories/GHSA-282f-qqgm-c34q
https://github.com/janl/node-jsonpointer/commit/a0345f3550cd9c4d89f33b126390202b89510ad4
https://github.com/janl/node-jsonpointer/pull/51
https://nvd.nist.gov/vuln/detail/CVE-2021-23807
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1910273
https://snyk.io/vuln/SNYK-JS-JSONPOINTER-1577288

| | lodash | CVE-2019-10744 | CRITICAL | 1.0.2 | 4.17.12 |

Expand...

https://access.redhat.com/errata/RHSA-2019:3024
https://access.redhat.com/security/cve/CVE-2019-10744
https://github.com/advisories/GHSA-jf85-cpcp-j695
https://github.com/lodash/lodash/pull/4336
https://nvd.nist.gov/vuln/detail/CVE-2019-10744
https://security.netapp.com/advisory/ntap-20191004-0005/
https://snyk.io/vuln/SNYK-JS-LODASH-450202
https://support.f5.com/csp/article/K47105354?utm_source=f5support&utm_medium=RSS
https://www.npmjs.com/advisories/1065
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuoct2020.html

| | lodash | CVE-2018-16487 | HIGH | 1.0.2 | >=4.17.11 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-16487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16487
https://github.com/advisories/GHSA-4xc9-xhrj-v574
https://hackerone.com/reports/380873
https://nvd.nist.gov/vuln/detail/CVE-2018-16487
https://security.netapp.com/advisory/ntap-20190919-0004/
https://www.npmjs.com/advisories/782

| | lodash | CVE-2020-8203 | HIGH | 1.0.2 | 4.17.20 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-8203
https://github.com/advisories/GHSA-p6mc-m468-83gw
https://github.com/lodash/lodash/commit/c84fe82760fb2d3e03a63379b297a1cc1a2fce12
https://github.com/lodash/lodash/issues/4744
https://github.com/lodash/lodash/issues/4874
https://hackerone.com/reports/712065
https://nvd.nist.gov/vuln/detail/CVE-2020-8203
https://security.netapp.com/advisory/ntap-20200724-0006/
https://www.npmjs.com/advisories/1523
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | lodash | CVE-2021-23337 | HIGH | 1.0.2 | 4.17.21 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23337
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
https://github.com/advisories/GHSA-35jh-r3h4-6jhm
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js#L14851
https://github.com/lodash/lodash/blob/ddfd9b11a0126db2302cb70ec9973b66baec0975/lodash.js%23L14851
https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c
https://nvd.nist.gov/vuln/detail/CVE-2021-23337
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074930
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074928
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074931
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074929
https://snyk.io/vuln/SNYK-JS-LODASH-1040724
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | lodash | CVE-2019-1010266 | MEDIUM | 1.0.2 | 4.17.11 |

Expand...

https://access.redhat.com/security/cve/CVE-2019-1010266
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010266
https://github.com/advisories/GHSA-x5rq-j2xg-h7qm
https://github.com/lodash/lodash/commit/5c08f18d365b64063bfbfa686cbb97cdd6267347
https://github.com/lodash/lodash/issues/3359
https://github.com/lodash/lodash/wiki/Changelog
https://nvd.nist.gov/vuln/detail/CVE-2019-1010266
https://security.netapp.com/advisory/ntap-20190919-0004/
https://snyk.io/vuln/SNYK-JS-LODASH-73639

| | lodash | CVE-2020-28500 | MEDIUM | 1.0.2 | 4.17.21 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-28500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
https://github.com/advisories/GHSA-29mw-wpgm-hmr9
https://github.com/lodash/lodash/blob/npm/trimEnd.js#L8
https://github.com/lodash/lodash/blob/npm/trimEnd.js%23L8
https://github.com/lodash/lodash/pull/5065
https://github.com/lodash/lodash/pull/5065/commits/02906b8191d3c100c193fe6f7b27d1c40f200bb7
https://nvd.nist.gov/vuln/detail/CVE-2020-28500
https://security.netapp.com/advisory/ntap-20210312-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGFUJIONWEBJARS-1074896
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074894
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074892
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBLODASH-1074895
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074893
https://snyk.io/vuln/SNYK-JS-LODASH-1018905
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html

| | lodash | CVE-2018-3721 | LOW | 1.0.2 | >=4.17.5 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-3721
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3721
https://github.com/advisories/GHSA-fvqr-27wr-82fm
https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
https://hackerone.com/reports/310443
https://nvd.nist.gov/vuln/detail/CVE-2018-3721
https://security.netapp.com/advisory/ntap-20190919-0004/
https://snyk.io/vuln/npm:lodash:20180130
https://www.npmjs.com/advisories/577

| | lodash | CVE-2019-10744 | CRITICAL | 3.10.0 | 4.17.12 |

Expand...

| | lodash | CVE-2018-16487 | HIGH | 3.10.0 | >=4.17.11 |

Expand...

| | lodash | CVE-2020-8203 | HIGH | 3.10.0 | 4.17.20 |

Expand...

| | lodash | CVE-2021-23337 | HIGH | 3.10.0 | 4.17.21 |

Expand...

| | lodash | CVE-2019-1010266 | MEDIUM | 3.10.0 | 4.17.11 |

Expand...

| | lodash | CVE-2020-28500 | MEDIUM | 3.10.0 | 4.17.21 |

Expand...

| | lodash | CVE-2018-3721 | LOW | 3.10.0 | >=4.17.5 |

Expand...

| | lodash | CVE-2019-10744 | CRITICAL | 3.10.1 | 4.17.12 |

Expand...

| | lodash | CVE-2018-16487 | HIGH | 3.10.1 | >=4.17.11 |

Expand...

| | lodash | CVE-2020-8203 | HIGH | 3.10.1 | 4.17.20 |

Expand...

| | lodash | CVE-2021-23337 | HIGH | 3.10.1 | 4.17.21 |

Expand...

| | lodash | CVE-2019-1010266 | MEDIUM | 3.10.1 | 4.17.11 |

Expand...

| | lodash | CVE-2020-28500 | MEDIUM | 3.10.1 | 4.17.21 |

Expand...

| | lodash | CVE-2018-3721 | LOW | 3.10.1 | >=4.17.5 |

Expand...

| | lodash | CVE-2019-10744 | CRITICAL | 4.17.10 | 4.17.12 |

Expand...

| | lodash | CVE-2018-16487 | HIGH | 4.17.10 | >=4.17.11 |

Expand...

| | lodash | CVE-2020-8203 | HIGH | 4.17.10 | 4.17.20 |

Expand...

| | lodash | CVE-2021-23337 | HIGH | 4.17.10 | 4.17.21 |

Expand...

| | lodash | CVE-2019-1010266 | MEDIUM | 4.17.10 | 4.17.11 |

Expand...

| | lodash | CVE-2020-28500 | MEDIUM | 4.17.10 | 4.17.21 |

Expand...

| | lodash | CVE-2019-10744 | CRITICAL | 4.17.4 | 4.17.12 |

Expand...

| | lodash | CVE-2018-16487 | HIGH | 4.17.4 | >=4.17.11 |

Expand...

| | lodash | CVE-2020-8203 | HIGH | 4.17.4 | 4.17.20 |

Expand...

| | lodash | CVE-2021-23337 | HIGH | 4.17.4 | 4.17.21 |

Expand...

| | lodash | CVE-2019-1010266 | MEDIUM | 4.17.4 | 4.17.11 |

Expand...

| | lodash | CVE-2020-28500 | MEDIUM | 4.17.4 | 4.17.21 |

Expand...

| | lodash | CVE-2018-3721 | LOW | 4.17.4 | >=4.17.5 |

Expand...

| | lodash.template | CVE-2019-10744 | CRITICAL | 3.6.2 | 4.5.0 |

Expand...

| | method-override | CVE-2017-16136 | HIGH | 2.3.5 | 2.3.10, 2.3.10 |

Expand...

https://access.redhat.com/security/cve/CVE-2017-16136
https://github.com/advisories/GHSA-qx2f-477c-35rq
https://nodesecurity.io/advisories/538
https://nvd.nist.gov/vuln/detail/CVE-2017-16136
https://www.npmjs.com/advisories/538

| | mime | CVE-2017-16138 | MEDIUM | 1.2.11 | 2.0.3, 1.4.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2017-16138
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16138
https://github.com/advisories/GHSA-wrvr-8mpx-r7pp
https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x)
https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x)
https://github.com/broofa/node-mime/issues/167
https://nodesecurity.io/advisories/535
https://nvd.nist.gov/vuln/detail/CVE-2017-16138
https://www.npmjs.com/advisories/535

| | mime | CVE-2017-16138 | MEDIUM | 1.3.4 | 2.0.3, 1.4.1 |

Expand...

| | minimatch | CVE-2016-10540 | HIGH | 0.2.14 | 3.0.2 |

Expand...

https://github.com/advisories/GHSA-hxm2-r34f-qmc5
https://nodesecurity.io/advisories/118
https://nvd.nist.gov/vuln/detail/CVE-2016-10540
https://www.npmjs.com/advisories/118

Expand...

https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

| | minimatch | CVE-2016-10540 | HIGH | 2.0.10 | 3.0.2 |

Expand...

https://github.com/advisories/GHSA-hxm2-r34f-qmc5
https://nodesecurity.io/advisories/118
https://nvd.nist.gov/vuln/detail/CVE-2016-10540
https://www.npmjs.com/advisories/118

Expand...

https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

| | minimist | CVE-2021-44906 | CRITICAL | 0.0.8 | 1.2.6 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-44906
https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
https://github.com/advisories/GHSA-xvch-5gv4-984h
https://github.com/substack/minimist/blob/master/index.js#L69
https://github.com/substack/minimist/issues/164
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068

| | minimist | CVE-2020-7598 | MEDIUM | 0.0.8 | 1.2.3, 0.2.1 |

Expand...

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
https://access.redhat.com/security/cve/CVE-2020-7598
https://github.com/advisories/GHSA-vh95-rmgr-6w4m
https://github.com/substack/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
https://github.com/substack/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
https://linux.oracle.com/cve/CVE-2020-7598.html
https://linux.oracle.com/errata/ELSA-2020-2852.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7598
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
https://www.npmjs.com/advisories/1179

| | minimist | CVE-2021-44906 | CRITICAL | 1.2.0 | 1.2.6 |

Expand...

| | minimist | CVE-2020-7598 | MEDIUM | 1.2.0 | 1.2.3, 0.2.1 |

Expand...

| | minimist | CVE-2021-44906 | CRITICAL | 1.2.5 | 1.2.6 |

Expand...

| | moment | CVE-2022-24785 | HIGH | 2.29.1 | 2.29.2 |

Expand...

https://access.redhat.com/security/cve/CVE-2022-24785
https://github.com/advisories/GHSA-8hfj-j24r-96c4
https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5
https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4
https://nvd.nist.gov/vuln/detail/CVE-2022-24785

Expand...

https://github.com/advisories/GHSA-mh5c-679w-hh4r
https://www.npmjs.com/advisories/1203

| | morgan | CVE-2019-5413 | MEDIUM | 1.6.1 | 1.9.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2019-5413
https://github.com/advisories/GHSA-gwg9-rgvj-4h5j
https://github.com/nodejs/security-wg/blob/master/vuln/npm/473.json
https://hackerone.com/reports/390881
https://lists.apache.org/thread.html/r8ba4c628fba7181af58817d452119481adce4ba92e889c643e4c7dd3@%3Ccommits.netbeans.apache.org%3E
https://lists.apache.org/thread.html/rb5ac16fad337d1f3bb7079549f97d8166d0ef3082629417c39f12d63@%3Cnotifications.netbeans.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-5413
https://www.npmjs.com/advisories/736

Expand...

https://hackerone.com/reports/390881

| | nanoid | CVE-2021-23566 | MEDIUM | 3.1.22 | 3.1.31 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23566
https://gist.github.com/artalar/bc6d1eb9a3477d15d2772e876169a444
https://github.com/advisories/GHSA-qrpm-p2h7-hrv2
https://github.com/ai/nanoid/commit/2b7bd9332bc49b6330c7ddb08e5c661833db2575
https://github.com/ai/nanoid/pull/328
https://nvd.nist.gov/vuln/detail/CVE-2021-23566
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2332550
https://snyk.io/vuln/SNYK-JS-NANOID-2332193

| | negotiator | CVE-2016-10539 | HIGH | 0.5.3 | 0.6.1 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10539
https://github.com/advisories/GHSA-7mc5-chhp-fmc3
https://nodesecurity.io/advisories/106
https://nvd.nist.gov/vuln/detail/CVE-2016-10539
https://www.npmjs.com/advisories/106

Expand...

https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

| | node-fetch | CVE-2022-0235 | HIGH | 2.3.0 | 2.6.7, 3.1.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2022-0235
https://github.com/advisories/GHSA-r683-j2x4-v87g
https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
https://github.com/node-fetch/node-fetch/commit/5c32f002fdd65b1c6a8f1e3620210813d45c7e60
https://github.com/node-fetch/node-fetch/pull/1453
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/
https://nvd.nist.gov/vuln/detail/CVE-2022-0235

| | node-fetch | CVE-2020-15168 | LOW | 2.3.0 | 3.0.0-beta.9, 2.6.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-15168
https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
https://nvd.nist.gov/vuln/detail/CVE-2020-15168
https://www.npmjs.com/package/node-fetch

| | node-forge | CVE-2020-7720 | HIGH | 0.7.1 | 0.10.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2020-7720
https://github.com/advisories/GHSA-92xj-mqp7-vmcj
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
https://nvd.nist.gov/vuln/detail/CVE-2020-7720
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677

| | node-forge | CVE-2022-24771 | HIGH | 0.7.1 | 1.3.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2022-24771
https://github.com/advisories/GHSA-cfm4-qjh2-4765
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
https://nvd.nist.gov/vuln/detail/CVE-2022-24771

| | node-forge | CVE-2022-24772 | HIGH | 0.7.1 | 1.3.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2022-24772
https://github.com/advisories/GHSA-x4jg-mjrx-434g
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g
https://nvd.nist.gov/vuln/detail/CVE-2022-24772

| | node-forge | CVE-2022-0122 | MEDIUM | 0.7.1 | 1.0.0 |

Expand...

https://github.com/advisories/GHSA-8fr3-hfg3-gpgp
https://github.com/digitalbazaar/forge/commit/db8016c805371e72b06d8e2edfe0ace0df934a5e
https://huntr.dev/bounties/41852c50-3c6d-4703-8c55-4db27164a4ae
https://nvd.nist.gov/vuln/detail/CVE-2022-0122

| | node-forge | CVE-2022-24773 | MEDIUM | 0.7.1 | 1.3.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2022-24773
https://github.com/advisories/GHSA-2r2c-g63r-vccr
https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1
https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
https://nvd.nist.gov/vuln/detail/CVE-2022-24773

| | node-forge | GHSA-5rrq-pxf6-6jx5 | LOW | 0.7.1 | 1.0.0 |

Expand...

https://github.com/advisories/GHSA-5rrq-pxf6-6jx5
https://github.com/digitalbazaar/forge/security/advisories/GHSA-5rrq-pxf6-6jx5

| | node-forge | GHSA-gf8q-jrpm-jvxq | LOW | 0.7.1 | 1.0.0 |

Expand...

https://github.com/advisories/GHSA-gf8q-jrpm-jvxq
https://github.com/digitalbazaar/forge/security/advisories/GHSA-gf8q-jrpm-jvxq

| | node-forge | GHSA-wxgw-qj99-44c2 | LOW | 0.7.1 | 0.10.0 |

Expand...

https://github.com/advisories/GHSA-wxgw-qj99-44c2
https://github.com/digitalbazaar/forge/security/advisories/GHSA-wxgw-qj99-44c2

| | node-uuid | CVE-2015-8851 | MEDIUM | 1.4.2 | >=1.4.4 |

Expand...

http://www.openwall.com/lists/oss-security/2016/04/13/8
https://access.redhat.com/security/cve/CVE-2015-8851
https://bugzilla.redhat.com/show_bug.cgi?id=1327056
https://github.com/advisories/GHSA-265q-28rp-chq5
https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
https://github.com/broofa/node-uuid/issues/108
https://github.com/broofa/node-uuid/issues/122
https://nodesecurity.io/advisories/93
https://nvd.nist.gov/vuln/detail/CVE-2015-8851
https://www.npmjs.com/advisories/93

| | nodemailer | CVE-2020-7769 | CRITICAL | 6.4.6 | 6.4.16 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7769
https://github.com/advisories/GHSA-48ww-j4fc-435p
https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js#L75
https://github.com/nodemailer/nodemailer/blob/33b62e2ea6bc9215c99a9bb4bfba94e2fb27ebd0/lib/sendmail-transport/index.js%23L75
https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
https://nvd.nist.gov/vuln/detail/CVE-2020-7769
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1039742
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
https://www.npmjs.com/package/nodemailer

| | nodemailer | CVE-2021-23400 | MEDIUM | 6.4.6 | 6.6.1 |

Expand...

https://github.com/advisories/GHSA-hwqf-gcqm-7353
https://github.com/nodemailer/nodemailer/commit/7e02648cc8cd863f5085bad3cd09087bccf84b9f
https://github.com/nodemailer/nodemailer/issues/1289
https://nvd.nist.gov/vuln/detail/CVE-2021-23400
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314737
https://snyk.io/vuln/SNYK-JS-NODEMAILER-1296415

| | nth-check | CVE-2021-3803 | MEDIUM | 1.0.2 | 2.0.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-3803
https://github.com/advisories/GHSA-rp65-9cf3-cjxr
https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726
https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0
https://nvd.nist.gov/vuln/detail/CVE-2021-3803

| | path-parse | CVE-2021-23343 | MEDIUM | 1.0.6 | 1.0.7 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23343
https://github.com/advisories/GHSA-hj48-42vr-x3v9
https://github.com/jbgutierrez/path-parse/commit/eca63a7b9a473bf6978a2f5b7b3343662d1506f7
https://github.com/jbgutierrez/path-parse/issues/8
https://github.com/jbgutierrez/path-parse/pull/10
https://linux.oracle.com/cve/CVE-2021-23343.html
https://linux.oracle.com/errata/ELSA-2021-3666.html
https://lists.apache.org/thread.html/r6a32cb3eda3b19096ad48ef1e7aa8f26e005f2f63765abb69ce08b85@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-23343
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279028
https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067

| | postcss | CVE-2021-23368 | MEDIUM | 7.0.35 | 8.2.10, 7.0.36 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
https://github.com/postcss/postcss/commit/54cbf3c4847eb0fb1501b9d2337465439e849734
https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4
https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5
https://lists.apache.org/thread.html/r00158f5d770d75d0655c5eef1bdbc6150531606c8f8bcb778f0627be@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r16e295b4f02d81b79981237d602cb0b9e59709bafaa73ac98be7cef1@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r49afb49b38748897211b1f89c3a64dc27f9049474322b05715695aab@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r5acd89f3827ad9a9cad6d24ed93e377f7114867cd98cfba616c6e013@%3Ccommits.myfaces.apache.org%3E
https://lists.apache.org/thread.html/r8def971a66cf3e375178fbee752e1b04a812a047cc478ad292007e33@%3Cdev.myfaces.apache.org%3E
https://lists.apache.org/thread.html/rad5af2044afb51668b1008b389ac815a28ecea9eb75ae2cab5a00ebb@%3Ccommits.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-23368
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1244795
https://snyk.io/vuln/SNYK-JS-POSTCSS-1090595

| | postcss | CVE-2021-23382 | MEDIUM | 7.0.35 | 7.0.36, 8.2.13 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23382
https://github.com/advisories/GHSA-566m-qj78-rww5
https://github.com/postcss/postcss/commit/2b1d04c867995e55124e0a165b7c6622c1735956
https://github.com/postcss/postcss/releases/tag/7.0.36
https://nvd.nist.gov/vuln/detail/CVE-2021-23382
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1255641
https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640

| | postcss | CVE-2021-23382 | MEDIUM | 8.2.10 | 7.0.36, 8.2.13 |

Expand...

| | qs | CVE-2017-1000048 | HIGH | 2.3.3 | 6.3.2, 6.2.3, 6.1.2, 6.0.4 |

Expand...

https://access.redhat.com/errata/RHSA-2017:2672
https://access.redhat.com/security/cve/CVE-2017-1000048
https://github.com/advisories/GHSA-gqgv-6jq5-jjj9
https://github.com/ljharb/qs/commit/beade029171b8cef9cee0d03ebe577e2dd84976d
https://github.com/ljharb/qs/issues/200
https://nvd.nist.gov/vuln/detail/CVE-2017-1000048
https://snyk.io/vuln/npm:qs:20170213
https://www.npmjs.com/advisories/1469

| | qs | CVE-2017-1000048 | HIGH | 4.0.0 | 6.3.2, 6.2.3, 6.1.2, 6.0.4 |

Expand...

| | qs | CVE-2017-1000048 | HIGH | 5.2.0 | 6.3.2, 6.2.3, 6.1.2, 6.0.4 |

Expand...

| | qs | CVE-2017-1000048 | HIGH | 6.3.0 | 6.3.2, 6.2.3, 6.1.2, 6.0.4 |

Expand...

| | randomatic | CVE-2017-16028 | LOW | 1.1.5 | 3.0.0 |

Expand...

https://github.com/advisories/GHSA-6g33-f262-xjp4
https://github.com/jonschlinkert/randomatic/commit/4a526959b3a246ae8e4a82f9c182180907227fe1#diff-b9cfc7f2cdf78a7f4b91a753d10865a2
https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66
https://nodesecurity.io/advisories/157
https://nvd.nist.gov/vuln/detail/CVE-2017-16028
https://www.npmjs.com/advisories/157

| | sshpk | CVE-2018-3737 | HIGH | 1.10.1 | 1.13.2 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-3737
https://github.com/advisories/GHSA-2m39-62fm-q8r3
https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17
https://github.com/joyent/node-sshpk/commit/46065d38a5e6d1bccf86d3efb2fb83c14e3f9957
https://hackerone.com/reports/319593
https://nvd.nist.gov/vuln/detail/CVE-2018-3737
https://www.npmjs.com/advisories/606

Expand...

https://github.com/joyent/node-sshpk/blob/v1.13.1/lib/formats/ssh.js#L17
https://hackerone.com/reports/319593

| | stringstream | CVE-2018-21270 | MEDIUM | 0.0.4 | 0.0.6 |

Expand...

https://access.redhat.com/security/cve/CVE-2018-21270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-21270
https://github.com/advisories/GHSA-mf6x-7mm4-x2g7
https://github.com/mhart/StringStream/blob/v0.0.5/stringstream.js#L32
https://github.com/mhart/StringStream/commit/afbc7442220358419e330618e47f3a65fc265b1b
https://github.com/mhart/StringStream/issues/7
https://hackerone.com/reports/321670
https://www.npmjs.com/advisories/664

Expand...

https://github.com/mhart/StringStream/blob/v0.0.5/stringstream.js#L32
https://hackerone.com/reports/321670

| | stringstream | CVE-2018-21270 | MEDIUM | 0.0.5 | 0.0.6 |

Expand...

Expand...

https://github.com/mhart/StringStream/blob/v0.0.5/stringstream.js#L32
https://hackerone.com/reports/321670

| | tough-cookie | CVE-2016-1000232 | HIGH | 0.12.1 | >=2.3.0 |

Expand...

https://access.redhat.com/errata/RHSA-2016:2101
https://access.redhat.com/errata/RHSA-2017:2912
https://access.redhat.com/security/cve/CVE-2016-1000232
https://access.redhat.com/security/cve/cve-2016-1000232
https://github.com/advisories/GHSA-qhv9-728r-6jqg
https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae
https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534
https://nodesecurity.io/advisories/130
https://nvd.nist.gov/vuln/detail/CVE-2016-1000232
https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/
https://www.npmjs.com/advisories/130

| | tough-cookie | CVE-2017-15010 | HIGH | 0.12.1 | 2.3.3 |

Expand...

http://www.securityfocus.com/bid/101185
https://access.redhat.com/errata/RHSA-2017:2912
https://access.redhat.com/errata/RHSA-2017:2913
https://access.redhat.com/errata/RHSA-2018:1263
https://access.redhat.com/errata/RHSA-2018:1264
https://access.redhat.com/security/cve/CVE-2017-15010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15010
https://github.com/advisories/GHSA-g7q5-pjjr-gqvp
https://github.com/salesforce/tough-cookie/issues/92
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/
https://nodesecurity.io/advisories/525
https://nvd.nist.gov/vuln/detail/CVE-2017-15010
https://snyk.io/vuln/npm:tough-cookie:20170905
https://www.npmjs.com/advisories/525

| | tough-cookie | CVE-2017-15010 | HIGH | 2.3.2 | 2.3.3 |

Expand...

| | trim-newlines | CVE-2021-33623 | HIGH | 1.0.0 | 4.0.1, 3.0.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-33623
https://github.com/advisories/GHSA-7p7h-4mm5-852v
https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91
https://github.com/sindresorhus/trim-newlines/releases/tag/v4.0.1
https://nvd.nist.gov/vuln/detail/CVE-2021-33623
https://security.netapp.com/advisory/ntap-20210702-0007/
https://www.npmjs.com/package/trim-newlines

Expand...

https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4
https://github.com/advisories/GHSA-xc7v-wxcw-j472
https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0
https://www.npmjs.com/advisories/598

Expand...

https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4
https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0

Expand...

Expand...

https://gist.github.com/ChALkeR/fd6b2c445834244e7d440a043f9d2ff4
https://github.com/request/tunnel-agent/commit/9ca95ec7219daface8a6fc2674000653de0922c0

| | underscore | CVE-2021-23358 | HIGH | 1.9.1 | 1.12.1 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-23358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23358
https://github.com/advisories/GHSA-cf4h-3jhx-xvhq
https://github.com/jashkenas/underscore/blob/master/modules/template.js%23L71
https://github.com/jashkenas/underscore/commit/4c73526d43838ad6ab43a6134728776632adeb66
https://github.com/jashkenas/underscore/pull/2917
https://github.com/jashkenas/underscore/releases/tag/1.12.1
https://lists.apache.org/thread.html/r5df90c46f7000c4aab246e947f62361ecfb849c5a553dcdb0ef545e1@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/r770f910653772317b117ab4472b0a32c266ee4abbafda28b8a6f9306@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/raae088abdfa4fbd84e1d19d7a7ffe52bf8e426b83e6599ea9a734dba@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/rbc84926bacd377503a3f5c37b923c1931f9d343754488d94e6f08039@%3Cissues.cordova.apache.org%3E
https://lists.apache.org/thread.html/re69ee408b3983b43e9c4a82a9a17cbbf8681bb91a4b61b46f365aeaf@%3Cissues.cordova.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/03/msg00038.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKATXXETD2PF3OR36Q5PD2VSVAR6J5Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGEE7U4Z655A2MK5EW4UQQZ7B64XJWBV/
https://nvd.nist.gov/vuln/detail/CVE-2021-23358
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1081504
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBJASHKENAS-1081505
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1081503
https://snyk.io/vuln/SNYK-JS-UNDERSCORE-1080984
https://ubuntu.com/security/notices/USN-4913-1
https://ubuntu.com/security/notices/USN-4913-2
https://www.debian.org/security/2021/dsa-4883
https://www.npmjs.com/package/underscore
https://www.tenable.com/security/tns-2021-14

Expand...

https://github.com/advisories/GHSA-c27r-x354-4m68
https://github.com/yaronn/xml-crypto/commit/3d9db712e6232c765cd2ad6bd2902b88a0d22100
https://github.com/yaronn/xml-crypto/security/advisories/GHSA-c27r-x354-4m68
https://www.npmjs.com/package/xml-crypto

| | xmldom | CVE-2021-32796 | MEDIUM | 0.1.19 | 0.7.0 |

Expand...

https://access.redhat.com/security/cve/CVE-2021-32796
https://github.com/advisories/GHSA-5fg8-2547-mr8q
https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b
https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://mattermost.com/blog/securing-xml-implementations-across-the-web/
https://nvd.nist.gov/vuln/detail/CVE-2021-32796
https://www.npmjs.com/package/@xmldom/xmldom

| | xmldom | CVE-2021-21366 | LOW | 0.1.19 | 0.5.0 |

Expand...

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21366
https://github.com/advisories/GHSA-h6q6-9hqw-rwfv
https://github.com/xmldom/xmldom/commit/d4201b9dfbf760049f457f9f08a3888d48835135
https://github.com/xmldom/xmldom/releases/tag/0.5.0
https://github.com/xmldom/xmldom/security/advisories/GHSA-h6q6-9hqw-rwfv
https://nvd.nist.gov/vuln/detail/CVE-2021-21366
https://www.npmjs.com/package/xmldom

| | xmldom | CVE-2021-32796 | MEDIUM | 0.1.27 | 0.7.0 |

Expand...

| | xmldom | CVE-2021-21366 | LOW | 0.1.27 | 0.5.0 |

Expand...

| | ssl_client | CVE-2022-28391 | UNKNOWN | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |

Expand...

| | ssl_client | CVE-2022-28391 | UNKNOWN | 1.34.1-r4 | 1.34.1-r5 |

Expand...

| | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |

Expand...

| | bash | CVE-2019-18276 | LOW | 5.0-4 | |

Expand...

| | bsdutils | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | bsdutils | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | coreutils | CVE-2016-2781 | LOW | 8.30-3 | |

Expand...

| | coreutils | CVE-2017-18018 | LOW | 8.30-3 | |

Expand...

http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
https://access.redhat.com/security/cve/CVE-2017-18018

Expand...

Expand...

| | curl | CVE-2021-22898 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | curl | CVE-2021-22922 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | curl | CVE-2021-22923 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | curl | CVE-2021-22924 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | fdisk | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | fdisk | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-12886
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
https://www.gnu.org/software/gcc/gcc-8/changes.html

| | gcc-8-base | CVE-2019-15847 | HIGH | 8.3.0-6 | |

Expand...

| | gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | |

Expand...

| | gzip | CVE-2022-1271 | HIGH | 1.9-3 | |

Expand...

| | libapt-pkg5.0 | CVE-2011-3374 | LOW | 1.8.2.3 | |

Expand...

| | libblkid1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libblkid1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

| | libc-bin | CVE-2010-4756 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2016-10228 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2018-20796 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2019-1010022 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2019-1010023 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2019-1010024 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2019-1010025 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2019-19126 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2019-9192 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS

| | libc-bin | CVE-2020-6096 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc-bin | CVE-2021-27645 | LOW | 2.28-10+deb10u1 | |

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

Expand...

| | libc6 | CVE-2010-4756 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2016-10228 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2018-20796 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010022 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010023 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010024 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-1010025 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-19126 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2019-9192 | LOW | 2.28-10+deb10u1 | |

Expand...

https://access.redhat.com/security/cve/CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS

| | libc6 | CVE-2020-6096 | LOW | 2.28-10+deb10u1 | |

Expand...

| | libc6 | CVE-2021-27645 | LOW | 2.28-10+deb10u1 | |

Expand...

Expand...

Expand...

| | libcurl4 | CVE-2021-22898 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libcurl4 | CVE-2021-22922 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libcurl4 | CVE-2021-22923 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libcurl4 | CVE-2021-22924 | LOW | 7.64.0-4+deb10u2 | |

Expand...

| | libfdisk1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libfdisk1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-12886
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
https://www.gnu.org/software/gcc/gcc-8/changes.html

| | libgcc1 | CVE-2019-15847 | HIGH | 8.3.0-6 | |

Expand...

Expand...

Expand...

| | libgcrypt20 | CVE-2018-6829 | LOW | 1.8.4-5+deb10u1 | |

Expand...

Expand...

https://access.redhat.com/security/cve/CVE-2021-4209

| | libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | |

Expand...

| | libgssapi-krb5-2 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

Expand...

| | libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libk5crypto3 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5-3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5-3 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5support0 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libkrb5support0 | CVE-2018-5709 | LOW | 1.17-3+deb10u3 | |

Expand...

| | libldap-2.4-2 | CVE-2015-3276 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-2.4-2 | CVE-2017-14159 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://www.openldap.org/its/index.cgi?findid=8703
https://access.redhat.com/security/cve/CVE-2017-14159

| | libldap-2.4-2 | CVE-2017-17740 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-2.4-2 | CVE-2020-15719 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-common | CVE-2015-3276 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-common | CVE-2017-14159 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

http://www.openldap.org/its/index.cgi?findid=8703
https://access.redhat.com/security/cve/CVE-2017-14159

| | libldap-common | CVE-2017-17740 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | libldap-common | CVE-2020-15719 | LOW | 2.4.47+dfsg-3+deb10u6 | |

Expand...

| | liblz4-1 | CVE-2019-17543 | LOW | 1.8.3-1+deb10u1 | |

Expand...

| | liblzma5 | CVE-2022-1271 | HIGH | 5.2.4-1 | |

Expand...

| | libmount1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libmount1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | libncurses6 | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

| | libncursesw6 | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

Expand...

| | libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | |

Expand...

| | libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12 | |

Expand...

| | libpcre3 | CVE-2017-16231 | LOW | 2:8.39-12 | |

Expand...

| | libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | |

Expand...

| | libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | |

Expand...

| | libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | |

Expand...

| | libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | |

Expand...

| | libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | |

Expand...

| | libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | |

Expand...

| | libsepol1 | CVE-2021-36086 | LOW | 2.8-1 | |

Expand...

| | libsepol1 | CVE-2021-36087 | LOW | 2.8-1 | |

Expand...

| | libsmartcols1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libsmartcols1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | |

Expand...

| | libssh2-1 | CVE-2019-17498 | LOW | 1.8.0-2.1 | |

Expand...

| | libssl1.1 | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

| | libssl1.1 | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

| | libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | |

Expand...

https://access.redhat.com/security/cve/CVE-2018-12886
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/config/arm/arm-protos.h?revision=266379&view=markup
https://www.gnu.org/software/gcc/gcc-8/changes.html

| | libstdc++6 | CVE-2019-15847 | HIGH | 8.3.0-6 | |

Expand...

Expand...

Expand...

Expand...

| | libsystemd0 | CVE-2013-4392 | LOW | 241-7~deb10u8 | |

Expand...

| | libsystemd0 | CVE-2019-20386 | LOW | 241-7~deb10u8 | |

Expand...

| | libsystemd0 | CVE-2020-13529 | LOW | 241-7~deb10u8 | |

Expand...

| | libsystemd0 | CVE-2020-13776 | LOW | 241-7~deb10u8 | |

Expand...

| | libtasn1-6 | CVE-2018-1000654 | LOW | 4.13-3 | |

Expand...

| | libtinfo6 | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

Expand...

Expand...

Expand...

| | libudev1 | CVE-2013-4392 | LOW | 241-7~deb10u8 | |

Expand...

| | libudev1 | CVE-2019-20386 | LOW | 241-7~deb10u8 | |

Expand...

| | libudev1 | CVE-2020-13529 | LOW | 241-7~deb10u8 | |

Expand...

| | libudev1 | CVE-2020-13776 | LOW | 241-7~deb10u8 | |

Expand...

| | libuuid1 | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | libuuid1 | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | login | CVE-2007-5686 | LOW | 1:4.5-1.1 | |

Expand...

| | login | CVE-2013-4235 | LOW | 1:4.5-1.1 | |

Expand...

| | login | CVE-2018-7169 | LOW | 1:4.5-1.1 | |

Expand...

| | login | CVE-2019-19882 | LOW | 1:4.5-1.1 | |

Expand...

| | mount | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | mount | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

| | ncurses-base | CVE-2021-39537 | LOW | 6.1+20181013-2+deb10u2 | |

Expand...

| | openssl | CVE-2007-6755 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

| | openssl | CVE-2010-0928 | LOW | 1.1.1n-0+deb10u1 | |

Expand...

| | passwd | CVE-2007-5686 | LOW | 1:4.5-1.1 | |

Expand...

| | passwd | CVE-2013-4235 | LOW | 1:4.5-1.1 | |

Expand...

| | passwd | CVE-2018-7169 | LOW | 1:4.5-1.1 | |

Expand...

| | passwd | CVE-2019-19882 | LOW | 1:4.5-1.1 | |

Expand...

Expand...

| | perl-base | CVE-2011-4116 | LOW | 5.28.1-6+deb10u1 | |

Expand...

| | tar | CVE-2005-2541 | LOW | 1.30+dfsg-6 | |

Expand...

| | tar | CVE-2019-9923 | LOW | 1.30+dfsg-6 | |

Expand...

| | tar | CVE-2021-20193 | LOW | 1.30+dfsg-6 | |

Expand...

| | util-linux | CVE-2021-37600 | LOW | 2.33.1-0.1 | |

Expand...

| | util-linux | CVE-2022-0563 | LOW | 2.33.1-0.1 | |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113

| **gobinary** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |

Expand...

https://go-review.googlesource.com/c/text/+/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113