TrueChartsClone/charts/stable/openvscode-server/security.md

148 KiB
Raw Blame History

hide
toc

Security Overview

Helm-Chart

Scan Results

Chart Object: openvscode-server/templates/common.yaml

Type Misconfiguration ID Check Severity Explaination Links
Kubernetes Security Check KSV001 Process can elevate its own privileges MEDIUM
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.allowPrivilegeEscalation' to false
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
Kubernetes Security Check KSV003 Default capabilities not dropped LOW
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should add 'ALL' to 'securityContext.capabilities.drop'
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
Kubernetes Security Check KSV003 Default capabilities not dropped LOW
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should add 'ALL' to 'securityContext.capabilities.drop'
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
Kubernetes Security Check KSV012 Runs as root user MEDIUM
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsNonRoot' to true
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
Kubernetes Security Check KSV012 Runs as root user MEDIUM
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsNonRoot' to true
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
Kubernetes Security Check KSV014 Root file system is not read-only LOW
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.readOnlyRootFilesystem' to true
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Kubernetes Security Check KSV014 Root file system is not read-only LOW
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.readOnlyRootFilesystem' to true
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
Kubernetes Security Check KSV017 Privileged container HIGH
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.privileged' to false
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
Kubernetes Security Check KSV020 Runs with low user ID MEDIUM
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the hosts user table.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsUser' > 10000
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check KSV020 Runs with low user ID MEDIUM
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the hosts user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsUser' > 10000
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
Kubernetes Security Check KSV021 Runs with low group ID MEDIUM
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the hosts user table.


Container 'RELEASE-NAME-openvscode-server' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsGroup' > 10000
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Kubernetes Security Check KSV021 Runs with low group ID MEDIUM
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the hosts user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-openvscode-server' should set 'securityContext.runAsGroup' > 10000
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
Kubernetes Security Check KSV029 A root primary or supplementary GID set LOW
Expand... Containers should be forbidden from running with a root primary or supplementary GID.


Deployment 'RELEASE-NAME-openvscode-server' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029

Containers

Detected Containers
      tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583
      tccr.io/truecharts/openvscode-server:v1.68.0
Scan Results

Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)

alpine

Package Vulnerability Severity Installed Version Fixed Version Links
busybox CVE-2022-28391 CRITICAL 1.34.1-r4 1.34.1-r5
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
curl CVE-2022-22576 HIGH 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
curl CVE-2022-27774 MEDIUM 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
curl CVE-2022-27776 MEDIUM 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
curl CVE-2022-27775 LOW 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
libcurl CVE-2022-22576 HIGH 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
libcurl CVE-2022-27774 MEDIUM 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
libcurl CVE-2022-27776 MEDIUM 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
libcurl CVE-2022-27775 LOW 7.80.0-r0 7.80.0-r1
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
ssl_client CVE-2022-28391 CRITICAL 1.34.1-r4 1.34.1-r5
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
zlib CVE-2018-25032 HIGH 1.2.11-r3 1.2.12-r0
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3

Container: tccr.io/truecharts/openvscode-server:v1.68.0 (ubuntu 20.04)

ubuntu

Package Vulnerability Severity Installed Version Fixed Version Links
bash CVE-2019-18276 LOW 5.0-6ubuntu1.1 5.0-6ubuntu1.2
Expand...http://packetstormsecurity.com/files/155498/Bash-5.0-Patch-11-Privilege-Escalation.html
https://access.redhat.com/security/cve/CVE-2019-18276
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18276
https://github.com/bminor/bash/commit/951bdaad7a18cc0dc1036bba86b18b90874d39ff
https://linux.oracle.com/cve/CVE-2019-18276.html
https://linux.oracle.com/errata/ELSA-2021-1679.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-18276
https://security.gentoo.org/glsa/202105-34
https://security.netapp.com/advisory/ntap-20200430-0003/
https://ubuntu.com/security/notices/USN-5380-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.youtube.com/watch?v=-wGtxJ8opa8
coreutils CVE-2016-2781 LOW 8.30-3ubuntu2
Expand...http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://access.redhat.com/security/cve/CVE-2016-2781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
https://nvd.nist.gov/vuln/detail/CVE-2016-2781
dpkg CVE-2022-1664 MEDIUM 1.19.7ubuntu3 1.19.7ubuntu3.2
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1664
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be
https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html
https://lists.debian.org/debian-security-announce/2022/msg00115.html
https://nvd.nist.gov/vuln/detail/CVE-2022-1664
https://ubuntu.com/security/notices/USN-5446-1
https://ubuntu.com/security/notices/USN-5446-2
e2fsprogs CVE-2022-1304 MEDIUM 1.45.5-2ubuntu1 1.45.5-2ubuntu1.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
git CVE-2018-1000021 LOW 1:2.25.1-1ubuntu3.4
Expand...http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
https://access.redhat.com/security/cve/CVE-2018-1000021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021
git-man CVE-2018-1000021 LOW 1:2.25.1-1ubuntu3.4
Expand...http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
https://access.redhat.com/security/cve/CVE-2018-1000021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000021
gzip CVE-2022-1271 MEDIUM 1.10-0ubuntu4 1.10-0ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
https://errata.almalinux.org/8/ALSA-2022-1537.html
https://linux.oracle.com/cve/CVE-2022-1271.html
https://linux.oracle.com/errata/ELSA-2022-2191.html
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
https://ubuntu.com/security/notices/USN-5378-1
https://ubuntu.com/security/notices/USN-5378-2
https://ubuntu.com/security/notices/USN-5378-3
https://ubuntu.com/security/notices/USN-5378-4
https://www.openwall.com/lists/oss-security/2022/04/07/8
krb5-locales CVE-2021-36222 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
krb5-locales CVE-2021-37750 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
libasn1-8-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libc-bin CVE-2016-20013 LOW 2.31-0ubuntu9.7
Expand...https://akkadia.org/drepper/SHA-crypt.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20013
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
https://twitter.com/solardiz/status/795601240151457793
libc6 CVE-2016-20013 LOW 2.31-0ubuntu9.7
Expand...https://akkadia.org/drepper/SHA-crypt.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20013
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
https://twitter.com/solardiz/status/795601240151457793
libcom-err2 CVE-2022-1304 MEDIUM 1.45.5-2ubuntu1 1.45.5-2ubuntu1.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
libext2fs2 CVE-2022-1304 MEDIUM 1.45.5-2ubuntu1 1.45.5-2ubuntu1.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
libgmp10 CVE-2021-43618 LOW 2:6.2.0+dfsg-4
Expand...https://access.redhat.com/security/cve/CVE-2021-43618
https://bugs.debian.org/994405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2021-43618
libgssapi-krb5-2 CVE-2021-36222 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
libgssapi-krb5-2 CVE-2021-37750 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
libgssapi3-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libhcrypto4-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libheimbase1-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libheimntlm0-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libhx509-5-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libk5crypto3 CVE-2021-36222 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
libk5crypto3 CVE-2021-37750 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
libkrb5-26-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libkrb5-3 CVE-2021-36222 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
libkrb5-3 CVE-2021-37750 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
libkrb5support0 CVE-2021-36222 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
libkrb5support0 CVE-2021-37750 MEDIUM 1.17-6ubuntu4.1
Expand...https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
liblzma5 CVE-2022-1271 MEDIUM 5.2.4-1ubuntu1 5.2.4-1ubuntu1.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
https://errata.almalinux.org/8/ALSA-2022-1537.html
https://linux.oracle.com/cve/CVE-2022-1271.html
https://linux.oracle.com/errata/ELSA-2022-2191.html
https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html
https://ubuntu.com/security/notices/USN-5378-1
https://ubuntu.com/security/notices/USN-5378-2
https://ubuntu.com/security/notices/USN-5378-3
https://ubuntu.com/security/notices/USN-5378-4
https://www.openwall.com/lists/oss-security/2022/04/07/8
libncurses6 CVE-2021-39537 LOW 6.2-0ubuntu2
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
libncurses6 CVE-2022-29458 LOW 6.2-0ubuntu2
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
libncursesw6 CVE-2021-39537 LOW 6.2-0ubuntu2
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
libncursesw6 CVE-2022-29458 LOW 6.2-0ubuntu2
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
libpcre2-8-0 CVE-2022-1586 LOW 10.34-7
Expand...https://access.redhat.com/security/cve/CVE-2022-1586
https://bugzilla.redhat.com/show_bug.cgi?id=2077976,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
libpcre2-8-0 CVE-2022-1587 LOW 10.34-7
Expand...https://access.redhat.com/security/cve/CVE-2022-1587
https://bugzilla.redhat.com/show_bug.cgi?id=2077983,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587
https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://nvd.nist.gov/vuln/detail/CVE-2022-1587
libpcre3 CVE-2017-11164 LOW 2:8.39-12build1
Expand...http://openwall.com/lists/oss-security/2017/07/11/3
http://www.securityfocus.com/bid/99575
https://access.redhat.com/security/cve/CVE-2017-11164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
libpcre3 CVE-2019-20838 LOW 2:8.39-12build1 2:8.39-12ubuntu0.1
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://access.redhat.com/security/cve/CVE-2019-20838
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://errata.almalinux.org/8/ALSA-2021-4373.html
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-20838
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://ubuntu.com/security/notices/USN-5425-1
https://www.pcre.org/original/changelog.txt
libpcre3 CVE-2020-14155 LOW 2:8.39-12build1 2:8.39-12ubuntu0.1
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
https://access.redhat.com/security/cve/CVE-2020-14155
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
https://errata.almalinux.org/8/ALSA-2021-4373.html
https://linux.oracle.com/cve/CVE-2020-14155.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-14155
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://ubuntu.com/security/notices/USN-5425-1
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.pcre.org/original/changelog.txt
libperl5.30 CVE-2020-16156 MEDIUM 5.30.0-9ubuntu0.2
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
libroken18-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
libsepol1 CVE-2021-36084 LOW 3.0-1 3.0-1ubuntu0.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36084
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://ubuntu.com/security/notices/USN-5391-1
libsepol1 CVE-2021-36085 LOW 3.0-1 3.0-1ubuntu0.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36085
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://ubuntu.com/security/notices/USN-5391-1
libsepol1 CVE-2021-36086 LOW 3.0-1 3.0-1ubuntu0.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36086
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
https://linux.oracle.com/cve/CVE-2021-36086.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://ubuntu.com/security/notices/USN-5391-1
libsepol1 CVE-2021-36087 LOW 3.0-1 3.0-1ubuntu0.1
Expand...https://access.redhat.com/security/cve/CVE-2021-36087
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
https://linux.oracle.com/cve/CVE-2021-36087.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/
https://ubuntu.com/security/notices/USN-5391-1
libsqlite3-0 CVE-2020-9794 MEDIUM 3.31.1-4ubuntu0.3
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/HT211168
https://support.apple.com/HT211170
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://support.apple.com/HT211178
https://support.apple.com/HT211179
https://support.apple.com/HT211181
https://vuldb.com/?id.155768
libsqlite3-0 CVE-2020-9849 LOW 3.31.1-4ubuntu0.3
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/en-us/HT211843
https://support.apple.com/en-us/HT211844
https://support.apple.com/en-us/HT211850
https://support.apple.com/en-us/HT211931
https://support.apple.com/en-us/HT211935
https://support.apple.com/en-us/HT211952
https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/
libsqlite3-0 CVE-2020-9991 LOW 3.31.1-4ubuntu0.3
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/en-us/HT211843
https://support.apple.com/en-us/HT211844
https://support.apple.com/en-us/HT211847
https://support.apple.com/en-us/HT211850
https://support.apple.com/en-us/HT211931
https://support.apple.com/kb/HT211846
https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/
libss2 CVE-2022-1304 MEDIUM 1.45.5-2ubuntu1 1.45.5-2ubuntu1.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
libtinfo6 CVE-2021-39537 LOW 6.2-0ubuntu2
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
libtinfo6 CVE-2022-29458 LOW 6.2-0ubuntu2
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
libwind0-heimdal CVE-2021-3671 LOW 7.7.0+dfsg-1ubuntu1
Expand...https://access.redhat.com/security/cve/CVE-2021-3671
https://bugzilla.redhat.com/show_bug.cgi?id=2013080,
https://bugzilla.samba.org/show_bug.cgi?id=14770,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671
https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a
https://nvd.nist.gov/vuln/detail/CVE-2021-3671
https://ubuntu.com/security/notices/USN-5142-1
https://ubuntu.com/security/notices/USN-5174-1
locales CVE-2016-20013 LOW 2.31-0ubuntu9.9
Expand...https://akkadia.org/drepper/SHA-crypt.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20013
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
https://twitter.com/solardiz/status/795601240151457793
login CVE-2013-4235 LOW 1:4.8.1-1ubuntu5.20.04.1
Expand...https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
logsave CVE-2022-1304 MEDIUM 1.45.5-2ubuntu1 1.45.5-2ubuntu1.1
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
ncurses-base CVE-2021-39537 LOW 6.2-0ubuntu2
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
ncurses-base CVE-2022-29458 LOW 6.2-0ubuntu2
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
ncurses-bin CVE-2021-39537 LOW 6.2-0ubuntu2
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
ncurses-bin CVE-2022-29458 LOW 6.2-0ubuntu2
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
openssh-client CVE-2020-14145 LOW 1:8.2p1-4ubuntu0.5
Expand...http://www.openwall.com/lists/oss-security/2020/12/02/1
https://access.redhat.com/security/cve/CVE-2020-14145
https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145
https://docs.ssh-mitm.at/CVE-2020-14145.html
https://github.com/openssh/openssh-portable/compare/V_8_3_P1...V_8_4_P1
https://github.com/ssh-mitm/ssh-mitm/blob/master/ssh_proxy_server/plugins/session/cve202014145.py
https://linux.oracle.com/cve/CVE-2020-14145.html
https://linux.oracle.com/errata/ELSA-2021-4368.html
https://nvd.nist.gov/vuln/detail/CVE-2020-14145
https://security.gentoo.org/glsa/202105-35
https://security.netapp.com/advisory/ntap-20200709-0004/
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
openssh-client CVE-2021-41617 LOW 1:8.2p1-4ubuntu0.5
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41617.json
https://access.redhat.com/security/cve/CVE-2021-41617
https://bugzilla.suse.com/show_bug.cgi?id=1190975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41617
https://errata.almalinux.org/8/ALSA-2022-2013.html
https://linux.oracle.com/cve/CVE-2021-41617.html
https://linux.oracle.com/errata/ELSA-2022-2013.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XJIONMHMKZDTMH6BQR5TNLF2WDCGWED/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KVI7RWM2JLNMWTOFK6BDUSGNOIPZYPUT/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W44V2PFQH5YLRN6ZJTVRKAD7CU6CYYET/
https://nvd.nist.gov/vuln/detail/CVE-2021-41617
https://security.netapp.com/advisory/ntap-20211014-0004/
https://www.openssh.com/security.html
https://www.openssh.com/txt/release-8.8
https://www.openwall.com/lists/oss-security/2021/09/26/1
https://www.oracle.com/security-alerts/cpuapr2022.html
passwd CVE-2013-4235 LOW 1:4.8.1-1ubuntu5.20.04.1
Expand...https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
patch CVE-2018-6952 LOW 2.7.6-6
Expand...http://www.securityfocus.com/bid/103047
https://access.redhat.com/errata/RHSA-2019:2033
https://access.redhat.com/security/cve/CVE-2018-6952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6952
https://linux.oracle.com/cve/CVE-2018-6952.html
https://linux.oracle.com/errata/ELSA-2019-2033.html
https://nvd.nist.gov/vuln/detail/CVE-2018-6952
https://savannah.gnu.org/bugs/index.php?53133
https://security.gentoo.org/glsa/201904-17
patch CVE-2021-45261 LOW 2.7.6-6
Expand...https://access.redhat.com/security/cve/CVE-2021-45261
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45261
https://savannah.gnu.org/bugs/?61685
perl CVE-2020-16156 MEDIUM 5.30.0-9ubuntu0.2
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
perl-base CVE-2020-16156 MEDIUM 5.30.0-9ubuntu0.2
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
perl-modules-5.30 CVE-2020-16156 MEDIUM 5.30.0-9ubuntu0.2
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
zlib1g CVE-2018-25032 MEDIUM 1:1.2.11.dfsg-2ubuntu1.2 1:1.2.11.dfsg-2ubuntu1.3
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3

node-pkg

Package Vulnerability Severity Installed Version Fixed Version Links
diff GHSA-h6ch-v84p-w6p9 HIGH 1.0.0 3.5.0
Expand...https://bugzilla.redhat.com/show_bug.cgi?id=1552148
https://github.com/advisories/GHSA-h6ch-v84p-w6p9
https://github.com/kpdecker/jsdiff/commit/2aec4298639bf30fb88a00b356bf404d3551b8c0
https://snyk.io/vuln/npm:diff:20180305
https://www.npmjs.com/advisories/1631
https://www.whitesourcesoftware.com/vulnerability-database/WS-2018-0590
grunt CVE-2020-7729 HIGH 1.0.0 1.3.0
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7729
https://github.com/advisories/GHSA-m5pj-vjjf-4m3h
https://github.com/gruntjs/grunt/blob/master/lib/grunt/file.js%23L249
https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
https://lists.debian.org/debian-lts-announce/2020/09/msg00008.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7729
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-607922
https://snyk.io/vuln/SNYK-JS-GRUNT-597546
https://ubuntu.com/security/notices/USN-4595-1
https://usn.ubuntu.com/4595-1/
grunt CVE-2022-1537 HIGH 1.0.0 1.5.3
Expand...https://access.redhat.com/security/cve/CVE-2022-1537
https://github.com/advisories/GHSA-rm36-94g8-835r
https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae
https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d
https://nvd.nist.gov/vuln/detail/CVE-2022-1537
grunt CVE-2022-0436 MEDIUM 1.0.0 1.5.2
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0436
https://github.com/advisories/GHSA-j383-35pm-c5h4
https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665
https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 (v1.5.0)
https://github.com/gruntjs/grunt/commit/b0ec6e12426fc8d5720dee1702f6a67455c5986c
https://github.com/gruntjs/grunt/pull/1740
https://github.com/gruntjs/grunt/pull/1743
https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b
https://nvd.nist.gov/vuln/detail/CVE-2022-0436
handlebars CVE-2019-19919 CRITICAL 1.0.0 4.3.0
Expand...https://access.redhat.com/security/cve/CVE-2019-19919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19919
https://github.com/advisories/GHSA-w457-6q6x-cgp9
https://github.com/wycats/handlebars.js/commit/2078c727c627f25d4a149962f05c1e069beb18bc
https://github.com/wycats/handlebars.js/issues/1558
https://nvd.nist.gov/vuln/detail/CVE-2019-19919
https://www.npmjs.com/advisories/1164
https://www.tenable.com/security/tns-2021-14
handlebars CVE-2021-23369 CRITICAL 1.0.0 4.7.7
Expand...https://access.redhat.com/security/cve/CVE-2021-23369
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23369
https://github.com/advisories/GHSA-f2jv-r9rf-7988
https://github.com/handlebars-lang/handlebars.js/commit/b6d3de7123eebba603e321f04afdbae608e8fea8
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://nvd.nist.gov/vuln/detail/CVE-2021-23369
https://security.netapp.com/advisory/ntap-20210604-0008/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1074950
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1074951
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1074952
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
handlebars CVE-2021-23383 CRITICAL 1.0.0 4.7.7
Expand...https://access.redhat.com/security/cve/CVE-2021-23383
https://github.com/advisories/GHSA-765h-qjxv-5f44
https://github.com/handlebars-lang/handlebars.js/commit/f0589701698268578199be25285b2ebea1c1e427
https://nvd.nist.gov/vuln/detail/CVE-2021-23383
https://security.netapp.com/advisory/ntap-20210618-0007/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1279031
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1279032
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1279030
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
https://www.npmjs.com/package/handlebars
handlebars CVE-2019-20920 HIGH 1.0.0 4.5.3, 3.0.8
Expand...https://access.redhat.com/security/cve/CVE-2019-20920
https://github.com/advisories/GHSA-3cqr-58rm-57f8
https://github.com/handlebars-lang/handlebars.js/commit/d54137810a49939fd2ad01a91a34e182ece4528e
https://nvd.nist.gov/vuln/detail/CVE-2019-20920
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
https://www.npmjs.com/advisories/1316
https://www.npmjs.com/advisories/1324
https://www.npmjs.com/package/handlebars
handlebars GHSA-2cf5-4w76-r9qv HIGH 1.0.0 4.5.2, 3.0.8
Expand...https://github.com/advisories/GHSA-2cf5-4w76-r9qv
https://www.npmjs.com/advisories/1316
handlebars GHSA-g9r4-xpmj-mj65 HIGH 1.0.0 4.5.3, 3.0.8
Expand...https://github.com/advisories/GHSA-g9r4-xpmj-mj65
https://www.npmjs.com/advisories/1325
handlebars GHSA-q2c6-c6pm-g3gh HIGH 1.0.0 4.5.3, 3.0.8
Expand...https://github.com/advisories/GHSA-q2c6-c6pm-g3gh
https://www.npmjs.com/advisories/1324
handlebars GHSA-q42p-pg8m-cqh6 HIGH 1.0.0 3.0.7, 4.0.14, 4.1.2
Expand...https://github.com/advisories/GHSA-q42p-pg8m-cqh6
https://github.com/handlebars-lang/handlebars.js/commit/7372d4e9dffc9d70c09671aa28b9392a1577fd86
https://github.com/handlebars-lang/handlebars.js/issues/1495
https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
https://www.npmjs.com/advisories/755
handlebars CVE-2015-8861 MEDIUM 1.0.0 >=4.0.0
Expand...http://www.openwall.com/lists/oss-security/2016/04/20/11
http://www.securityfocus.com/bid/96434
https://blog.srcclr.com/handlebars_vulnerability_research_findings/
https://github.com/advisories/GHSA-9prh-257w-9277
https://github.com/wycats/handlebars.js/pull/1083
https://nvd.nist.gov/vuln/detail/CVE-2015-8861
https://www.npmjs.com/advisories/61
https://www.sourceclear.com/blog/handlebars_vulnerability_research_findings/
https://www.tenable.com/security/tns-2016-18
handlebars NSWG-ECO-519 MEDIUM 1.0.0 >=4.6.0
Expand...https://hackerone.com/reports/726364
ini CVE-2020-7788 HIGH 1.0.0 1.3.6
Expand...https://access.redhat.com/security/cve/CVE-2020-7788
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7788
https://github.com/advisories/GHSA-qqgx-2p2h-9c37
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1
https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
https://linux.oracle.com/cve/CVE-2020-7788.html
https://linux.oracle.com/errata/ELSA-2022-0350.html
https://lists.debian.org/debian-lts-announce/2020/12/msg00032.html
https://nvd.nist.gov/vuln/detail/CVE-2020-7788
https://snyk.io/vuln/SNYK-JS-INI-1048974
https://www.npmjs.com/advisories/1589
json CVE-2020-7712 HIGH 1.0.0 10.0.0
Expand...https://github.com/advisories/GHSA-3c6g-pvg8-gqw2
https://github.com/trentm/json/commit/cc4798169f9e0f181f8aa61905b88479badcd483
https://github.com/trentm/json/issues/144
https://github.com/trentm/json/pull/145
https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae@%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da@%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb89bd82dffec49f83b49e9ad625b1b63a408b3c7d1a60d6f049142a0@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d@%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c@%3Cissues.zookeeper.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-7712
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-608932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-608931
https://snyk.io/vuln/SNYK-JS-JSON-597481
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
markdown GHSA-wx77-rp39-c6vg LOW 1.0.0
Expand...https://github.com/advisories/GHSA-wx77-rp39-c6vg
https://www.npmjs.com/advisories/1330
npm CVE-2019-16775 HIGH 1.0.1 6.13.3
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
https://access.redhat.com/errata/RHEA-2020:0330
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0602
https://access.redhat.com/security/cve/CVE-2019-16775
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
https://errata.almalinux.org/8/ALSA-2020-0579.html
https://github.com/advisories/GHSA-m6cx-g6qm-p2cx
https://github.com/npm/cli/security/advisories/GHSA-m6cx-g6qm-p2cx
https://linux.oracle.com/cve/CVE-2019-16775.html
https://linux.oracle.com/errata/ELSA-2020-0579.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
https://nvd.nist.gov/vuln/detail/CVE-2019-16775
https://www.npmjs.com/advisories/1434
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
npm CVE-2016-3956 MEDIUM 1.0.1 >= 2.15.1 <= 3.0.0, >= 3.8.3
Expand...http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21980827
https://access.redhat.com/security/cve/CVE-2016-3956
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3956
https://github.com/advisories/GHSA-m5h6-hr3q-22h5
https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29
https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401
https://github.com/npm/npm/issues/8380
https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/
https://nodesecurity.io/advisories/98
https://nvd.nist.gov/vuln/detail/CVE-2016-3956
https://www.npmjs.com/advisories/98
npm CVE-2013-4116 LOW 1.0.1 >=1.3.3
Expand...http://www.openwall.com/lists/oss-security/2013/07/10/17
http://www.openwall.com/lists/oss-security/2013/07/11/9
http://www.securityfocus.com/bid/61083
https://access.redhat.com/security/cve/CVE-2013-4116
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=715325
https://bugzilla.redhat.com/show_bug.cgi?id=983917
https://exchange.xforce.ibmcloud.com/vulnerabilities/87141
https://github.com/advisories/GHSA-v3jv-wrf4-5845
https://github.com/npm/npm/commit/f4d31693
https://github.com/npm/npm/issues/3635
https://nvd.nist.gov/vuln/detail/CVE-2013-4116
https://www.npmjs.com/advisories/152
npm CVE-2019-16776 LOW 1.0.1 6.13.3
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
https://access.redhat.com/errata/RHEA-2020:0330
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0602
https://access.redhat.com/security/cve/CVE-2019-16776
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
https://errata.almalinux.org/8/ALSA-2020-0579.html
https://github.com/advisories/GHSA-x8qc-rrcw-4r46
https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46
https://linux.oracle.com/cve/CVE-2019-16776.html
https://linux.oracle.com/errata/ELSA-2020-0579.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
https://nvd.nist.gov/vuln/detail/CVE-2019-16776
https://www.npmjs.com/advisories/1436
https://www.oracle.com/security-alerts/cpujan2020.html
npm CVE-2019-16777 LOW 1.0.1 6.13.4
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html
https://access.redhat.com/errata/RHEA-2020:0330
https://access.redhat.com/errata/RHSA-2020:0573
https://access.redhat.com/errata/RHSA-2020:0579
https://access.redhat.com/errata/RHSA-2020:0597
https://access.redhat.com/errata/RHSA-2020:0602
https://access.redhat.com/security/cve/CVE-2019-16777
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
https://errata.almalinux.org/8/ALSA-2020-0579.html
https://github.com/advisories/GHSA-4328-8hgf-7wjr
https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr
https://linux.oracle.com/cve/CVE-2019-16777.html
https://linux.oracle.com/errata/ELSA-2020-0579.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/
https://nvd.nist.gov/vuln/detail/CVE-2019-16777
https://security.gentoo.org/glsa/202003-48
https://www.npmjs.com/advisories/1437
https://www.oracle.com/security-alerts/cpujan2020.html
npm CVE-2020-15095 LOW 1.0.1 6.14.6
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00015.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00023.html
https://access.redhat.com/security/cve/CVE-2020-15095
https://errata.almalinux.org/8/ALSA-2021-0548.html
https://github.com/advisories/GHSA-93f3-23rq-pjfp
https://github.com/npm/cli/blob/66aab417f836a901f8afb265251f761bb0422463/CHANGELOG.md#6146-2020-07-07
https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
https://linux.oracle.com/cve/CVE-2020-15095.html
https://linux.oracle.com/errata/ELSA-2021-0548.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
https://nvd.nist.gov/vuln/detail/CVE-2020-15095
https://security.gentoo.org/glsa/202101-07
pug CVE-2021-21353 HIGH 1.0.0 3.0.1
Expand...https://github.com/advisories/GHSA-p493-635q-r6gr
https://github.com/pugjs/pug/commit/991e78f7c4220b2f8da042877c6f0ef5a4683be0
https://github.com/pugjs/pug/issues/3312
https://github.com/pugjs/pug/pull/3314
https://github.com/pugjs/pug/releases/tag/pug%403.0.1
https://github.com/pugjs/pug/security/advisories/GHSA-p493-635q-r6gr
https://nvd.nist.gov/vuln/detail/CVE-2021-21353
https://www.npmjs.com/package/pug
https://www.npmjs.com/package/pug-code-gen