diff --git a/dependency/mariadb/1.0.19/Chart.lock b/dependency/mariadb/1.0.19/Chart.lock
deleted file mode 100644
index 2c52e07b1fd..00000000000
--- a/dependency/mariadb/1.0.19/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: https://truecharts.org
- version: 8.9.7
-digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
-generated: "2021-12-03T14:11:56.150356505Z"
diff --git a/dependency/mariadb/1.0.19/charts/common-8.9.7.tgz b/dependency/mariadb/1.0.19/charts/common-8.9.7.tgz
deleted file mode 100644
index d624e7df28b..00000000000
Binary files a/dependency/mariadb/1.0.19/charts/common-8.9.7.tgz and /dev/null differ
diff --git a/dependency/mariadb/1.0.19/CHANGELOG.md b/dependency/mariadb/1.0.20/CHANGELOG.md
similarity index 90%
rename from dependency/mariadb/1.0.19/CHANGELOG.md
rename to dependency/mariadb/1.0.20/CHANGELOG.md
index 163c521ba3e..ae504a381ae 100644
--- a/dependency/mariadb/1.0.19/CHANGELOG.md
+++ b/dependency/mariadb/1.0.20/CHANGELOG.md
@@ -1,6 +1,15 @@ # Changelog
+ +### [mariadb-1.0.20](https://github.com/truecharts/apps/compare/mariadb-1.0.19...mariadb-1.0.20) (2021-12-03) + +#### Chore + +* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452)) + + + ### [mariadb-1.0.19](https://github.com/truecharts/apps/compare/mariadb-1.0.18...mariadb-1.0.19) (2021-12-03)
@@ -88,12 +97,3 @@ ### [mariadb-1.0.8](https://github.com/truecharts/apps/compare/mariadb-1.0.7...mariadb-1.0.8) (2021-11-22) -#### Chore - -* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380)) - - - - -### [mariadb-1.0.6](https://github.com/truecharts/apps/compare/mariadb-1.0.5...mariadb-1.0.6) (2021-11-21) -
diff --git a/dependency/mariadb/1.0.19/CONFIG.md b/dependency/mariadb/1.0.20/CONFIG.md
similarity index 100%
rename from dependency/mariadb/1.0.19/CONFIG.md
rename to dependency/mariadb/1.0.20/CONFIG.md
diff --git a/dependency/mariadb/1.0.20/Chart.lock b/dependency/mariadb/1.0.20/Chart.lock
new file mode 100644
index 00000000000..cf75aa4b2c8
--- /dev/null
+++ b/dependency/mariadb/1.0.20/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: https://truecharts.org
+ version: 8.9.10
+digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc
+generated: "2021-12-03T19:46:58.41944868Z"
diff --git a/dependency/mariadb/1.0.19/Chart.yaml b/dependency/mariadb/1.0.20/Chart.yaml
similarity index 96%
rename from dependency/mariadb/1.0.19/Chart.yaml
rename to dependency/mariadb/1.0.20/Chart.yaml
index 687db70fc72..05e5b05cf03 100644
--- a/dependency/mariadb/1.0.19/Chart.yaml
+++ b/dependency/mariadb/1.0.20/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: "10.6.5" dependencies: - name: common repository: https://truecharts.org - version: 8.9.7 + version: 8.9.10 deprecated: false description: Fast, reliable, scalable, and easy to use open-source relational database system. home: https://github.com/truecharts/apps/tree/master/stable/mariadb
@@ -24,7 +24,7 @@ sources: - https://github.com/prometheus/mysqld_exporter - https://mariadb.org type: application -version: 1.0.19 +version: 1.0.20 annotations: truecharts.org/catagories: | - database
diff --git a/dependency/mariadb/1.0.19/README.md b/dependency/mariadb/1.0.20/README.md
similarity index 96%
rename from dependency/mariadb/1.0.19/README.md
rename to dependency/mariadb/1.0.20/README.md
index 03e48ce3954..d73b5145f27 100644
--- a/dependency/mariadb/1.0.19/README.md
+++ b/dependency/mariadb/1.0.20/README.md
@@ -19,7 +19,7 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| https://truecharts.org | common | 8.9.7 | +| https://truecharts.org | common | 8.9.10 | ## Installing the Chart
diff --git a/dependency/mariadb/1.0.19/app-readme.md b/dependency/mariadb/1.0.20/app-readme.md
similarity index 100%
rename from dependency/mariadb/1.0.19/app-readme.md
rename to dependency/mariadb/1.0.20/app-readme.md
diff --git a/dependency/mariadb/1.0.20/charts/common-8.9.10.tgz b/dependency/mariadb/1.0.20/charts/common-8.9.10.tgz
new file mode 100644
index 00000000000..635c25c8f45
Binary files /dev/null and b/dependency/mariadb/1.0.20/charts/common-8.9.10.tgz differ
diff --git a/dependency/mariadb/1.0.19/helm-values.md b/dependency/mariadb/1.0.20/helm-values.md
similarity index 100%
rename from dependency/mariadb/1.0.19/helm-values.md
rename to dependency/mariadb/1.0.20/helm-values.md
diff --git a/dependency/mariadb/1.0.19/ix_values.yaml b/dependency/mariadb/1.0.20/ix_values.yaml
similarity index 100%
rename from dependency/mariadb/1.0.19/ix_values.yaml
rename to dependency/mariadb/1.0.20/ix_values.yaml
diff --git a/dependency/mariadb/1.0.19/questions.yaml b/dependency/mariadb/1.0.20/questions.yaml
similarity index 100%
rename from dependency/mariadb/1.0.19/questions.yaml
rename to dependency/mariadb/1.0.20/questions.yaml
diff --git a/dependency/mariadb/1.0.20/sec-scan.md b/dependency/mariadb/1.0.20/sec-scan.md
new file mode 100644
index 00000000000..a6360a0cfd5
--- /dev/null
+++ b/dependency/mariadb/1.0.20/sec-scan.md
@@ -0,0 +1,909 @@ +# Security Scan + +## Helm-Chart + +##### Scan Results + +``` +2021-12-03T19:47:19.916Z INFO Need to update the built-in policies +2021-12-03T19:47:19.916Z INFO Downloading the built-in policies... +2021-12-03T19:47:20.611Z INFO Detected config files: 1 + +mariadb/templates/common.yaml (kubernetes) +========================================== +Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) +Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) + ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-mariadb' of | +| | | | | StatefulSet 'RELEASE-NAME-mariadb' | +| | | | | should add 'ALL' to | +| | | | | 'securityContext.capabilities.drop' | +| | | | | -->avd.aquasec.com/appshield/ksv003 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.runAsNonRoot' to true | +| | | | | -->avd.aquasec.com/appshield/ksv012 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-mariadb' of | +| | | | | StatefulSet 'RELEASE-NAME-mariadb' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-mariadb' | +| | | | | 
should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-mariadb' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-mariadb' of | +| | | | | StatefulSet 'RELEASE-NAME-mariadb' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-mariadb' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-mariadb' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ 
+------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-mariadb' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-mariadb' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-mariadb' should | +| | | | | set 'spec.securityContext.runAsGroup', | +| | | | | 'spec.securityContext.supplementalGroups[*]' | +| | | | | and 'spec.securityContext.fsGroup' | +| | | | | to integer greater than 0 | +| | | | | -->avd.aquasec.com/appshield/ksv029 | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +``` + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c + tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 + +##### Scan Results + +**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** + +``` +2021-12-03T19:47:20.698Z INFO Need to update DB +2021-12-03T19:47:20.698Z INFO Downloading DB... +2021-12-03T19:47:24.464Z INFO Detected OS: alpine +2021-12-03T19:47:24.464Z INFO Detecting Alpine vulnerabilities... 
+2021-12-03T19:47:24.466Z INFO Number of language-specific files: 0 + +tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) +========================================================================================================================= +Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) + ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+ +---------------+---------------------------------------+ +| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + +**Container: tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0** + +``` +2021-12-03T19:47:29.346Z INFO Detected OS: debian +2021-12-03T19:47:29.346Z INFO Detecting Debian vulnerabilities... +2021-12-03T19:47:29.362Z INFO Number of language-specific files: 2 +2021-12-03T19:47:29.362Z INFO Detecting gobinary vulnerabilities... 
+ +tccr.io/truecharts/mariadb:v10.6.5@sha256:ca5dcc0667f4ee5accc91f159f13a2bf764678d4dfeab3d1421fce1d2095f2a0 (debian 10.11) +========================================================================================================================= +Total: 144 (UNKNOWN: 0, LOW: 104, MEDIUM: 12, HIGH: 24, CRITICAL: 4) + ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | +| | | | | | equal to its real UID the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | +| | | | | | session can escape to the | +| | | | | | parent session in chroot | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-18018 | | | | coreutils: race condition | +| | | | | | vulnerability in chown and chgrp | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| | | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | 
CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | +| | | | | | Forgeries with SHA-1 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution 
because of... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ +| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | +| | | | | | not handle 
separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| 
| | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | +| | | | | | encryption because it lacks | +| | | | | | exponent blinding to address a... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | +| | | | | | allowing private key leak | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | +| | | | | | doesn't have semantic security due | +| | | | | | to incorrectly encoded plaintexts... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | +| | | | | | buffer overflow via crafted input | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | +| | | | | | attack against SSL/TLS (BEAST) | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | +| | | | | | fails to perform the roundtrip | +| | | | | | checks specified in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5-3 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5support0 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | +| | | | | | overflow in LZ4_write32 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+ + + +---------------+ + +| libncursesw6 | | | | | | +| | | | | | | +| | | | | | | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | +| | | | | | frames can lead to DoS | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | +| | | | | | parsing callout numeric arguments | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | +| | | | | | match function in pcre_exec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-16231 | | | | pcre: self-recursive call | +| | | | | | in match() in pcre_exec.c | +| | | | | | leads to denial of service... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | +| | | | | | when UTF is disabled and \X or... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | +| | | | | | of syscall filters in libseccomp | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36085 | | | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36086 | | | | libsepol: use-after-free in | +| | | | | | cil_reset_classpermission() | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2021-36086 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36087 | | | | libsepol: heap-based buffer | +| | | | | | overflow in ebitmap_match_any() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | +| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | +| | | | | | in kex.c leads to out-of-bounds write | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | +| | | | | | SSH_MSG_DISCONNECT logic in packet.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | 
++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | +| | | | | | _asn1_expand_object_id(ptree) | +| | | | | | leads to memory exhaustion | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | +| | | | | | in parameter entities | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | +| | | | | | Entity vulnerability | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| login | CVE-2007-5686 | LOW | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | +| | | | | | temporary file handling | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | +| | | | | | when extracting setuid or setgid... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9923 | | | | tar: null-pointer dereference | +| | | | | | in pax_decode_header in sparse.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-20193 | | | | tar: Memory leak in | +| | | | | | read_header() in list.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ + +opt/bitnami/common/bin/gosu (gobinary) +====================================== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + + +opt/bitnami/common/bin/ini-file (gobinary) +========================================== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + +``` + diff --git a/dependency/mariadb/1.0.19/templates/common.yaml b/dependency/mariadb/1.0.20/templates/common.yaml similarity index 100% rename from dependency/mariadb/1.0.19/templates/common.yaml rename to dependency/mariadb/1.0.20/templates/common.yaml diff --git a/dependency/mariadb/1.0.19/templates/secret.yaml b/dependency/mariadb/1.0.20/templates/secret.yaml similarity index 100% rename from dependency/mariadb/1.0.19/templates/secret.yaml rename to dependency/mariadb/1.0.20/templates/secret.yaml 
diff --git a/dependency/mariadb/1.0.19/values.yaml b/dependency/mariadb/1.0.20/values.yaml
similarity index 100%
rename from dependency/mariadb/1.0.19/values.yaml
rename to dependency/mariadb/1.0.20/values.yaml
diff --git a/dependency/memcached/1.0.19/Chart.lock b/dependency/memcached/1.0.19/Chart.lock
deleted file mode 100644
index 0ab138b5ff9..00000000000
--- a/dependency/memcached/1.0.19/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: common
- repository: https://truecharts.org
- version: 8.9.7
-digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd
-generated: "2021-12-03T14:12:28.171429869Z"
diff --git a/dependency/memcached/1.0.19/charts/common-8.9.7.tgz b/dependency/memcached/1.0.19/charts/common-8.9.7.tgz
deleted file mode 100644
index d624e7df28b..00000000000
Binary files a/dependency/memcached/1.0.19/charts/common-8.9.7.tgz and /dev/null differ
diff --git a/dependency/memcached/1.0.19/CHANGELOG.md b/dependency/memcached/1.0.20/CHANGELOG.md
similarity index 90%
rename from dependency/memcached/1.0.19/CHANGELOG.md
rename to dependency/memcached/1.0.20/CHANGELOG.md
index 7c0db56eee8..d9200c72436 100644
--- a/dependency/memcached/1.0.19/CHANGELOG.md
+++ b/dependency/memcached/1.0.20/CHANGELOG.md
@@ -1,6 +1,15 @@ # Changelog
+ +### [memcached-1.0.20](https://github.com/truecharts/apps/compare/memcached-1.0.19...memcached-1.0.20) (2021-12-03) + +#### Chore + +* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452)) + + + ### [memcached-1.0.19](https://github.com/truecharts/apps/compare/memcached-1.0.18...memcached-1.0.19) (2021-12-03) @@ -88,12 +97,3 @@ ### [memcached-1.0.7](https://github.com/truecharts/apps/compare/memcached-1.0.6...memcached-1.0.7) (2021-11-18) -#### Chore - -* update non-major ([#1350](https://github.com/truecharts/apps/issues/1350)) - - - - -### [memcached-1.0.6](https://github.com/truecharts/apps/compare/memcached-1.0.5...memcached-1.0.6) (2021-11-16) - diff --git a/dependency/memcached/1.0.19/CONFIG.md b/dependency/memcached/1.0.20/CONFIG.md similarity index 100% rename from dependency/memcached/1.0.19/CONFIG.md rename to dependency/memcached/1.0.20/CONFIG.md diff --git a/dependency/memcached/1.0.20/Chart.lock b/dependency/memcached/1.0.20/Chart.lock new file mode 100644 index 00000000000..89fffda867a --- /dev/null +++ b/dependency/memcached/1.0.20/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://truecharts.org + version: 8.9.10 +digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc +generated: "2021-12-03T19:48:03.942785444Z" diff --git a/dependency/memcached/1.0.19/Chart.yaml b/dependency/memcached/1.0.20/Chart.yaml similarity index 95% rename from dependency/memcached/1.0.19/Chart.yaml rename to dependency/memcached/1.0.20/Chart.yaml index c53a2871a8b..94dbdc79e14 100644 --- a/dependency/memcached/1.0.19/Chart.yaml +++ b/dependency/memcached/1.0.20/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.6.12" dependencies: - name: common repository: https://truecharts.org - version: 8.9.7 + version: 8.9.10 deprecated: false description: Memcached is a memory-backed database caching solution home: https://github.com/truecharts/apps/tree/master/stable/memcached 
@@ -22,7 +22,7 @@ sources:
 - https://github.com/bitnami/bitnami-docker-memcached
 - http://memcached.org/
 type: application
-version: 1.0.19
+version: 1.0.20
 annotations:
 truecharts.org/catagories: |
 - database
diff --git a/dependency/memcached/1.0.19/README.md b/dependency/memcached/1.0.20/README.md
similarity index 96%
rename from dependency/memcached/1.0.19/README.md
rename to dependency/memcached/1.0.20/README.md
index 0fde4d800f5..5522ea6fc3f 100644
--- a/dependency/memcached/1.0.19/README.md
+++ b/dependency/memcached/1.0.20/README.md
@@ -18,7 +18,7 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| https://truecharts.org | common | 8.9.7 | +| https://truecharts.org | common | 8.9.10 | ## Installing the Chart
diff --git a/dependency/memcached/1.0.19/app-readme.md b/dependency/memcached/1.0.20/app-readme.md
similarity index 100%
rename from dependency/memcached/1.0.19/app-readme.md
rename to dependency/memcached/1.0.20/app-readme.md
diff --git a/dependency/memcached/1.0.20/charts/common-8.9.10.tgz b/dependency/memcached/1.0.20/charts/common-8.9.10.tgz
new file mode 100644
index 00000000000..635c25c8f45
Binary files /dev/null and b/dependency/memcached/1.0.20/charts/common-8.9.10.tgz differ
diff --git a/dependency/memcached/1.0.19/helm-values.md b/dependency/memcached/1.0.20/helm-values.md
similarity index 100%
rename from dependency/memcached/1.0.19/helm-values.md
rename to dependency/memcached/1.0.20/helm-values.md
diff --git a/dependency/memcached/1.0.19/ix_values.yaml b/dependency/memcached/1.0.20/ix_values.yaml
similarity index 100%
rename from dependency/memcached/1.0.19/ix_values.yaml
rename to dependency/memcached/1.0.20/ix_values.yaml
diff --git a/dependency/memcached/1.0.19/questions.yaml b/dependency/memcached/1.0.20/questions.yaml
similarity index 100%
rename from dependency/memcached/1.0.19/questions.yaml
rename to dependency/memcached/1.0.20/questions.yaml
diff --git a/dependency/memcached/1.0.20/sec-scan.md b/dependency/memcached/1.0.20/sec-scan.md
new file mode 100644
index 00000000000..3e2afb8488b
--- /dev/null
+++ b/dependency/memcached/1.0.20/sec-scan.md
@@ -0,0 +1,878 @@ +# Security Scan + +## Helm-Chart + +##### Scan Results + +``` +2021-12-03T19:48:25.464Z INFO Detected config files: 1 + +memcached/templates/common.yaml (kubernetes) +============================================ +Tests: 39 (SUCCESSES: 28, FAILURES: 11, EXCEPTIONS: 0) +Failures: 11 (UNKNOWN: 0, LOW: 4, MEDIUM: 7, HIGH: 0, CRITICAL: 0) + ++---------------------------+------------+-----------------------------------+----------+------------------------------------------+ +| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | ++---------------------------+------------+-----------------------------------+----------+------------------------------------------+ +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-memcached' of | +| | | | | Deployment 'RELEASE-NAME-memcached' | +| | | | | should add 'ALL' to | +| | | | | 'securityContext.capabilities.drop' | +| | | | | -->avd.aquasec.com/appshield/ksv003 | ++ +------------+-----------------------------------+----------+------------------------------------------+ +| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-memcached' should set | +| | | | | 'securityContext.runAsNonRoot' to true | +| | | | | -->avd.aquasec.com/appshield/ksv012 | ++ +------------+-----------------------------------+----------+------------------------------------------+ +| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-memcached' of | +| | | | | Deployment 'RELEASE-NAME-memcached' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-memcached' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ +------------+-----------------------------------+ 
+------------------------------------------+ +| | KSV014 | Root file system is not read-only | | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-memcached' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ +------------+-----------------------------------+----------+------------------------------------------+ +| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-memcached' of | +| | | | | Deployment 'RELEASE-NAME-memcached' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-memcached' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ +------------+-----------------------------------+ +------------------------------------------+ +| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-memcached' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-memcached' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-memcached' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ +------------+-----------------------------------+ +------------------------------------------+ +| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-memcached' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-memcached' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ + + + +------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of 
Deployment | +| | | | | 'RELEASE-NAME-memcached' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++---------------------------+------------+-----------------------------------+----------+------------------------------------------+ +``` + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c + tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 + +##### Scan Results + +**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** + +``` +2021-12-03T19:48:26.594Z INFO Detected OS: alpine +2021-12-03T19:48:26.594Z INFO Detecting Alpine vulnerabilities... +2021-12-03T19:48:26.602Z INFO Number of language-specific files: 0 + +tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) +========================================================================================================================= +Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) + ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+ +---------------+---------------------------------------+ +| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + +**Container: tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569** + +``` +2021-12-03T19:48:28.787Z INFO Detected OS: debian +2021-12-03T19:48:28.787Z INFO Detecting Debian vulnerabilities... +2021-12-03T19:48:28.804Z INFO Number of language-specific files: 1 +2021-12-03T19:48:28.804Z INFO Detecting gobinary vulnerabilities... + +tccr.io/truecharts/memcached:v1.6.12@sha256:90da9d23e5c448d44ee3c1aa2af4c868ab5a3f8042a4000851fe55355db7c569 (debian 10.11) +=========================================================================================================================== +Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) + ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | +| | | | | | equal to its real UID the... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | +| | | | | | session can escape to the | +| | | | | | parent session in chroot | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-18018 | | | | coreutils: race condition | +| | | | | | vulnerability in chown and chgrp | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| | | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | +| | | | | | Forgeries with SHA-1 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution 
because of... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ +| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | +| | | | | | not handle 
separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| 
| | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | +| | | | | | encryption because it lacks | +| | | | | | exponent blinding to address a... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | +| | | | | | allowing private key leak | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | +| | | | | | doesn't have semantic security due | +| | | | | | to incorrectly encoded plaintexts... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | +| | | | | | buffer overflow via crafted input | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | +| | | | | | attack against SSL/TLS (BEAST) | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | +| | | | | | fails to perform the roundtrip | +| | | | | | checks specified in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5-3 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5support0 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | +| | | | | | overflow in LZ4_write32 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+ + + +---------------+ + +| libncursesw6 | | | | | | +| | | | | | | +| | | | | | | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | +| | | | | | frames can lead to DoS | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | +| | | | | | parsing callout numeric arguments | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | +| | | | | | match function in pcre_exec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-16231 | | | | pcre: self-recursive call | +| | | | | | in match() in pcre_exec.c | +| | | | | | leads to denial of service... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | +| | | | | | when UTF is disabled and \X or... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | +| | | | | | of syscall filters in libseccomp | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36085 | | | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36086 | | | | libsepol: use-after-free in | +| | | | | | cil_reset_classpermission() | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2021-36086 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36087 | | | | libsepol: heap-based buffer | +| | | | | | overflow in ebitmap_match_any() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | +| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | +| | | | | | in kex.c leads to out-of-bounds write | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | +| | | | | | SSH_MSG_DISCONNECT logic in packet.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | 
++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | +| | | | | | _asn1_expand_object_id(ptree) | +| | | | | | leads to memory exhaustion | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | +| | | | | | temporary file handling | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | +| | | | | | when extracting setuid or setgid... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9923 | | | | tar: null-pointer dereference | +| | | | | | in pax_decode_header in sparse.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-20193 | | | | tar: Memory leak in | +| | | | | | read_header() in list.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ + +opt/bitnami/common/bin/gosu (gobinary) +====================================== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + +``` + diff --git a/dependency/memcached/1.0.19/templates/common.yaml b/dependency/memcached/1.0.20/templates/common.yaml similarity index 100% rename from dependency/memcached/1.0.19/templates/common.yaml rename to dependency/memcached/1.0.20/templates/common.yaml diff --git a/dependency/memcached/1.0.19/values.yaml b/dependency/memcached/1.0.20/values.yaml similarity index 100% rename from dependency/memcached/1.0.19/values.yaml rename to dependency/memcached/1.0.20/values.yaml diff --git a/dependency/postgresql/6.0.17/Chart.lock b/dependency/postgresql/6.0.17/Chart.lock deleted file mode 100644 index c96b7bd3b30..00000000000 --- a/dependency/postgresql/6.0.17/Chart.lock +++ /dev/null 
@@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://truecharts.org - version: 8.9.7 -digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd -generated: "2021-12-03T14:13:00.244717564Z" diff --git a/dependency/postgresql/6.0.17/charts/common-8.9.7.tgz b/dependency/postgresql/6.0.17/charts/common-8.9.7.tgz deleted file mode 100644 index d624e7df28b..00000000000 Binary files a/dependency/postgresql/6.0.17/charts/common-8.9.7.tgz and /dev/null differ diff --git a/dependency/postgresql/6.0.17/CHANGELOG.md b/dependency/postgresql/6.0.18/CHANGELOG.md similarity index 90% rename from dependency/postgresql/6.0.17/CHANGELOG.md rename to dependency/postgresql/6.0.18/CHANGELOG.md index 7bc29164611..32882f07bbc 100644 --- a/dependency/postgresql/6.0.17/CHANGELOG.md +++ b/dependency/postgresql/6.0.18/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [postgresql-6.0.18](https://github.com/truecharts/apps/compare/postgresql-6.0.17...postgresql-6.0.18) (2021-12-03) + +#### Chore + +* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452)) + + + ### [postgresql-6.0.17](https://github.com/truecharts/apps/compare/postgresql-6.0.16...postgresql-6.0.17) (2021-12-03) @@ -88,12 +97,3 @@ ### [postgresql-6.0.6](https://github.com/truecharts/apps/compare/postgresql-6.0.5...postgresql-6.0.6) (2021-11-22) -#### Chore - -* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380)) - - - - -### [postgresql-6.0.4](https://github.com/truecharts/apps/compare/postgresql-6.0.3...postgresql-6.0.4) (2021-11-18) - diff --git a/dependency/postgresql/6.0.17/CONFIG.md b/dependency/postgresql/6.0.18/CONFIG.md similarity index 100% rename from dependency/postgresql/6.0.17/CONFIG.md rename to dependency/postgresql/6.0.18/CONFIG.md diff --git a/dependency/postgresql/6.0.18/Chart.lock b/dependency/postgresql/6.0.18/Chart.lock new file mode 100644 index 00000000000..47b3d929477 --- /dev/null +++ b/dependency/postgresql/6.0.18/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://truecharts.org + version: 8.9.10 +digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc +generated: "2021-12-03T19:49:04.037663516Z" diff --git a/dependency/postgresql/6.0.17/Chart.yaml b/dependency/postgresql/6.0.18/Chart.yaml similarity index 95% rename from dependency/postgresql/6.0.17/Chart.yaml rename to dependency/postgresql/6.0.18/Chart.yaml index 060ea800463..2a64d416adc 100644 --- a/dependency/postgresql/6.0.17/Chart.yaml +++ b/dependency/postgresql/6.0.18/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "14.1.0" dependencies: - name: common repository: https://truecharts.org - version: 8.9.7 + version: 8.9.10 deprecated: false description: PostgresSQL home: https://github.com/truecharts/apps/tree/master/stable/postgres 
@@ -22,7 +22,7 @@ name: postgresql sources: - https://www.postgresql.org/ type: application -version: 6.0.17 +version: 6.0.18 annotations: truecharts.org/catagories: | - database diff --git a/dependency/postgresql/6.0.17/README.md b/dependency/postgresql/6.0.18/README.md similarity index 96% rename from dependency/postgresql/6.0.17/README.md rename to dependency/postgresql/6.0.18/README.md index 9c4af717fd9..97ebdb90180 100644 --- a/dependency/postgresql/6.0.17/README.md +++ b/dependency/postgresql/6.0.18/README.md @@ -17,7 +17,7 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| https://truecharts.org | common | 8.9.7 | +| https://truecharts.org | common | 8.9.10 | ## Installing the Chart diff --git a/dependency/postgresql/6.0.17/app-readme.md b/dependency/postgresql/6.0.18/app-readme.md similarity index 100% rename from dependency/postgresql/6.0.17/app-readme.md rename to dependency/postgresql/6.0.18/app-readme.md diff --git a/dependency/postgresql/6.0.18/charts/common-8.9.10.tgz b/dependency/postgresql/6.0.18/charts/common-8.9.10.tgz new file mode 100644 index 00000000000..635c25c8f45 Binary files /dev/null and b/dependency/postgresql/6.0.18/charts/common-8.9.10.tgz differ diff --git a/dependency/postgresql/6.0.17/helm-values.md b/dependency/postgresql/6.0.18/helm-values.md similarity index 100% rename from dependency/postgresql/6.0.17/helm-values.md rename to dependency/postgresql/6.0.18/helm-values.md diff --git a/dependency/postgresql/6.0.17/ix_values.yaml b/dependency/postgresql/6.0.18/ix_values.yaml similarity index 100% rename from dependency/postgresql/6.0.17/ix_values.yaml rename to dependency/postgresql/6.0.18/ix_values.yaml diff --git a/dependency/postgresql/6.0.17/questions.yaml b/dependency/postgresql/6.0.18/questions.yaml similarity index 100% rename from dependency/postgresql/6.0.17/questions.yaml rename to dependency/postgresql/6.0.18/questions.yaml 
diff --git a/dependency/postgresql/6.0.18/sec-scan.md b/dependency/postgresql/6.0.18/sec-scan.md
new file mode 100644
index 00000000000..3657970c389
--- /dev/null
+++ b/dependency/postgresql/6.0.18/sec-scan.md
@@ -0,0 +1,1112 @@ +# Security Scan + +## Helm-Chart + +##### Scan Results + +``` +2021-12-03T19:49:25.561Z INFO Detected config files: 1 + +postgresql/templates/common.yaml (kubernetes) +============================================= +Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) +Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) + ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-postgresql' of | +| | | | | StatefulSet 'RELEASE-NAME-postgresql' | +| | | | | should add 'ALL' to | +| | | | | 'securityContext.capabilities.drop' | +| | | | | -->avd.aquasec.com/appshield/ksv003 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.runAsNonRoot' to true | +| | | | | -->avd.aquasec.com/appshield/ksv012 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-postgresql' of | +| | | | | StatefulSet 'RELEASE-NAME-postgresql' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-postgresql' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ 
+------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-postgresql' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-postgresql' of | +| | | | | StatefulSet 'RELEASE-NAME-postgresql' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-postgresql' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-postgresql' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ 
+------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-postgresql' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-postgresql' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-postgresql' should | +| | | | | set 'spec.securityContext.runAsGroup', | +| | | | | 'spec.securityContext.supplementalGroups[*]' | +| | | | | and 'spec.securityContext.fsGroup' | +| | | | | to integer greater than 0 | +| | | | | -->avd.aquasec.com/appshield/ksv029 | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +``` + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c + tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 + +##### Scan Results + +**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** + +``` +2021-12-03T19:49:26.640Z INFO Detected OS: alpine +2021-12-03T19:49:26.640Z INFO Detecting Alpine vulnerabilities... 
+2021-12-03T19:49:26.643Z INFO Number of language-specific files: 0 + +tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) +========================================================================================================================= +Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) + ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+ +---------------+---------------------------------------+ +| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + +**Container: tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4** + +``` +2021-12-03T19:49:29.973Z INFO Detected OS: debian +2021-12-03T19:49:29.974Z INFO Detecting Debian vulnerabilities... +2021-12-03T19:49:29.991Z INFO Number of language-specific files: 2 +2021-12-03T19:49:29.991Z INFO Detecting gobinary vulnerabilities... +2021-12-03T19:49:29.991Z INFO Detecting jar vulnerabilities... 
+ +tccr.io/truecharts/postgresql:v14.1.0@sha256:3b1df1487f9bd1bb3ee6a2b5e90e655b2ea5d9cdc3148826dc813bbcea3969c4 (debian 10.11) +============================================================================================================================ +Total: 190 (UNKNOWN: 0, LOW: 130, MEDIUM: 21, HIGH: 31, CRITICAL: 8) + ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | +| | | | | | equal to its real UID the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | +| | | | | | session can escape to the | +| | | | | | parent session in chroot | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-18018 | | | | coreutils: race condition | +| | | | | | vulnerability in chown and chgrp | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| | | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | 
CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | +| | | | | | Forgeries with SHA-1 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution 
because of... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ +| libc-l10n | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | +| | | | | | not handle 
separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ +| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | 
| | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| 
| | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | +| | | | | | encryption because it lacks | +| | | | | | exponent blinding to address a... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | +| | | | | | allowing private key leak | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | +| | | | | | doesn't have semantic security due | +| | | | | | to incorrectly encoded plaintexts... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | +| | | | | | buffer overflow via crafted input | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | +| | | | | | attack against SSL/TLS (BEAST) | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | +| | | | | | fails to perform the roundtrip | +| | | | | | checks specified in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5-3 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5support0 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | +| | | | | | overflow in LZ4_write32 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+ + + +---------------+ + +| libncursesw6 | | | | | | +| | | | | | | +| | | | | | | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | +| | | | | | frames can lead to DoS | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | +| | | | | | parsing callout numeric arguments | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | +| | | | | | match function in pcre_exec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-16231 | | | | pcre: self-recursive call | +| | | | | | in match() in pcre_exec.c | +| | | | | | leads to denial of service... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | +| | | | | | when UTF is disabled and \X or... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | +| | | | | | of syscall filters in libseccomp | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36085 | | | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36086 | | | | libsepol: use-after-free in | +| | | | | | cil_reset_classpermission() | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2021-36086 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36087 | | | | libsepol: heap-based buffer | +| | | | | | overflow in ebitmap_match_any() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libsqlite3-0 | CVE-2019-19603 | HIGH | 3.27.2-3+deb10u1 | | sqlite: mishandling of | +| | | | | | certain SELECT statements with | +| | | | | | non-existent VIEW can lead to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19603 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-19645 | MEDIUM | | | sqlite: infinite recursion via | +| | | | | | certain types of self-referential | +| | | | | | views in conjunction with... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19645 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19924 | | | | sqlite: incorrect | +| | | | | | sqlite3WindowRewrite() error | +| | | | | | handling leads to mishandling | +| | | | | | certain parser-tree rewriting | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19924 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13631 | | | | sqlite: Virtual table can be | +| | | | | | renamed into the name of one of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13631 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-19244 | LOW | | | sqlite: allows a crash | +| | | | | | if a sub-select uses both | +| | | | | | DISTINCT and window... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19244 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-11656 | | | | sqlite: use-after-free in the | +| | | | | | ALTER TABLE implementation | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-11656 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36690 | | | | ** DISPUTED ** A segmentation | +| | | | | | fault can occur in the | +| | | | | | sqlite3.exe command-line... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36690 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | +| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | +| | | | | | in kex.c leads to out-of-bounds write | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | +| | | | | | SSH_MSG_DISCONNECT logic in packet.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + 
+---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | +| | | | | | _asn1_expand_object_id(ptree) | +| | | | | | leads to memory exhaustion | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | 
+| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libxml2 | CVE-2017-16932 | HIGH | 2.9.4+dfsg1-7+deb10u2 | | libxml2: Infinite recursion | +| | | | | | in parameter entities | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16932 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2016-9318 | MEDIUM | | | libxml2: XML External | +| | | | | | Entity vulnerability | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-9318 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libxslt1.1 | CVE-2015-9019 | LOW | 1.1.32-2.2~deb10u1 | | libxslt: math.random() in | +| | | | | | xslt uses unseeded randomness | +| | | | | | -->avd.aquasec.com/nvd/cve-2015-9019 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| locales | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | 
glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets 
insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | +| | | | | | temporary file handling | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | +| | | | | | when extracting setuid or setgid... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9923 | | | | tar: null-pointer dereference | +| | | | | | in pax_decode_header in sparse.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-20193 | | | | tar: Memory leak in | +| | | | | | read_header() in list.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ + +Java (jar) +========== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + + +opt/bitnami/common/bin/gosu (gobinary) +====================================== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + +``` + diff --git a/dependency/postgresql/6.0.17/templates/backup-postgres-config.yaml b/dependency/postgresql/6.0.18/templates/backup-postgres-config.yaml similarity index 100% rename from dependency/postgresql/6.0.17/templates/backup-postgres-config.yaml rename to dependency/postgresql/6.0.18/templates/backup-postgres-config.yaml diff --git a/dependency/postgresql/6.0.17/templates/common.yaml b/dependency/postgresql/6.0.18/templates/common.yaml similarity index 100% rename from dependency/postgresql/6.0.17/templates/common.yaml rename to dependency/postgresql/6.0.18/templates/common.yaml 
diff --git a/dependency/postgresql/6.0.17/templates/secret.yaml b/dependency/postgresql/6.0.18/templates/secret.yaml
similarity index 100%
rename from dependency/postgresql/6.0.17/templates/secret.yaml
rename to dependency/postgresql/6.0.18/templates/secret.yaml
diff --git a/dependency/postgresql/6.0.17/templates/upgrade-backup-postgres-hook.yaml b/dependency/postgresql/6.0.18/templates/upgrade-backup-postgres-hook.yaml
similarity index 100%
rename from dependency/postgresql/6.0.17/templates/upgrade-backup-postgres-hook.yaml
rename to dependency/postgresql/6.0.18/templates/upgrade-backup-postgres-hook.yaml
diff --git a/dependency/postgresql/6.0.17/values.yaml b/dependency/postgresql/6.0.18/values.yaml
similarity index 100%
rename from dependency/postgresql/6.0.17/values.yaml
rename to dependency/postgresql/6.0.18/values.yaml
diff --git a/dependency/promtail/1.0.5/Chart.lock b/dependency/promtail/1.0.5/Chart.lock
deleted file mode 100644
index d9a39375156..00000000000
--- a/dependency/promtail/1.0.5/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://truecharts.org - version: 8.9.7 -digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd -generated: "2021-12-03T14:13:32.70150928Z"
diff --git a/dependency/promtail/1.0.5/charts/common-8.9.7.tgz b/dependency/promtail/1.0.5/charts/common-8.9.7.tgz
deleted file mode 100644
index d624e7df28b..00000000000
Binary files a/dependency/promtail/1.0.5/charts/common-8.9.7.tgz and /dev/null differ
diff --git a/dependency/promtail/1.0.5/CHANGELOG.md b/dependency/promtail/1.0.6/CHANGELOG.md
similarity index 88%
rename from dependency/promtail/1.0.5/CHANGELOG.md
rename to dependency/promtail/1.0.6/CHANGELOG.md
index d0a9d219f5f..4930880487d 100644
--- a/dependency/promtail/1.0.5/CHANGELOG.md
+++ b/dependency/promtail/1.0.6/CHANGELOG.md
@@ -1,6 +1,15 @@ # Changelog
+ +### [promtail-1.0.6](https://github.com/truecharts/apps/compare/promtail-1.0.5...promtail-1.0.6) (2021-12-03) + +#### Chore + +* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452)) + + + ### [promtail-1.0.5](https://github.com/truecharts/apps/compare/promtail-1.0.4...promtail-1.0.5) (2021-12-03)
diff --git a/dependency/promtail/1.0.5/CONFIG.md b/dependency/promtail/1.0.6/CONFIG.md
similarity index 100%
rename from dependency/promtail/1.0.5/CONFIG.md
rename to dependency/promtail/1.0.6/CONFIG.md
diff --git a/dependency/promtail/1.0.6/Chart.lock b/dependency/promtail/1.0.6/Chart.lock
new file mode 100644
index 00000000000..e8772842b4d
--- /dev/null
+++ b/dependency/promtail/1.0.6/Chart.lock
@@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://truecharts.org + version: 8.9.10 +digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc +generated: "2021-12-03T19:50:04.789607888Z"
diff --git a/dependency/promtail/1.0.5/Chart.yaml b/dependency/promtail/1.0.6/Chart.yaml
similarity index 96%
rename from dependency/promtail/1.0.5/Chart.yaml
rename to dependency/promtail/1.0.6/Chart.yaml
index 8341b994324..043bd65786d 100644
--- a/dependency/promtail/1.0.5/Chart.yaml
+++ b/dependency/promtail/1.0.6/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: "2.4.1" dependencies: - name: common repository: https://truecharts.org - version: 8.9.7 + version: 8.9.10 deprecated: false description: Promtail is an agent which ships the contents of local logs to a Loki instance icon: https://raw.githubusercontent.com/grafana/loki/master/docs/sources/logo.png
@@ -22,7 +22,7 @@ sources: - https://grafana.com/oss/loki/ - https://grafana.com/docs/loki/latest/ type: application -version: 1.0.5 +version: 1.0.6 annotations: truecharts.org/catagories: | - metrics
diff --git a/dependency/promtail/1.0.5/README.md b/dependency/promtail/1.0.6/README.md
similarity index 96%
rename from dependency/promtail/1.0.5/README.md
rename to dependency/promtail/1.0.6/README.md
index 3909f98c6c7..4fbf86e6bd6 100644
--- a/dependency/promtail/1.0.5/README.md
+++ b/dependency/promtail/1.0.6/README.md
@@ -19,7 +19,7 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| https://truecharts.org | common | 8.9.7 | +| https://truecharts.org | common | 8.9.10 | ## Installing the Chart
diff --git a/dependency/promtail/1.0.5/app-readme.md b/dependency/promtail/1.0.6/app-readme.md
similarity index 100%
rename from dependency/promtail/1.0.5/app-readme.md
rename to dependency/promtail/1.0.6/app-readme.md
diff --git a/dependency/promtail/1.0.6/charts/common-8.9.10.tgz b/dependency/promtail/1.0.6/charts/common-8.9.10.tgz
new file mode 100644
index 00000000000..635c25c8f45
Binary files /dev/null and b/dependency/promtail/1.0.6/charts/common-8.9.10.tgz differ
diff --git a/dependency/promtail/1.0.5/helm-values.md b/dependency/promtail/1.0.6/helm-values.md
similarity index 100%
rename from dependency/promtail/1.0.5/helm-values.md
rename to dependency/promtail/1.0.6/helm-values.md
diff --git a/dependency/promtail/1.0.5/ix_values.yaml b/dependency/promtail/1.0.6/ix_values.yaml
similarity index 100%
rename from dependency/promtail/1.0.5/ix_values.yaml
rename to dependency/promtail/1.0.6/ix_values.yaml
diff --git a/dependency/promtail/1.0.5/questions.yaml b/dependency/promtail/1.0.6/questions.yaml
similarity index 100%
rename from dependency/promtail/1.0.5/questions.yaml
rename to dependency/promtail/1.0.6/questions.yaml
diff --git a/dependency/promtail/1.0.6/sec-scan.md b/dependency/promtail/1.0.6/sec-scan.md
new file mode 100644
index 00000000000..1a7fd0673c6
--- /dev/null
+++ b/dependency/promtail/1.0.6/sec-scan.md
@@ -0,0 +1,545 @@ +# Security Scan + +## Helm-Chart + +##### Scan Results + +``` +2021-12-03T19:50:27.019Z INFO Detected config files: 1 + +promtail/templates/common.yaml (kubernetes) +=========================================== +Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) +Failures: 13 (UNKNOWN: 0, LOW: 4, MEDIUM: 9, HIGH: 0, CRITICAL: 0) + ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Container 'RELEASE-NAME-promtail' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 'securityContext.runAsNonRoot' to true | +| | | | | -->avd.aquasec.com/appshield/ksv012 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 'securityContext.runAsNonRoot' to true | +| | | | | -->avd.aquasec.com/appshield/ksv012 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-promtail' of | +| | | | | Deployment 'RELEASE-NAME-promtail' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-promtail' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV014 | Root file system is not read-only | | 
Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-promtail' of | +| | | | | Deployment 'RELEASE-NAME-promtail' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | Deployment 'RELEASE-NAME-promtail' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-promtail' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-promtail' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of Deployment | +| | | | | 'RELEASE-NAME-promtail' should set | +| | | | | 
'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV023 | hostPath volumes mounted | | Deployment 'RELEASE-NAME-promtail' | +| | | | | should not set | +| | | | | 'spec.template.volumes.hostPath' | +| | | | | -->avd.aquasec.com/appshield/ksv023 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV029 | A root primary or supplementary GID set | LOW | Deployment 'RELEASE-NAME-promtail' should | +| | | | | set 'spec.securityContext.runAsGroup', | +| | | | | 'spec.securityContext.supplementalGroups[*]' | +| | | | | and 'spec.securityContext.fsGroup' | +| | | | | to integer greater than 0 | +| | | | | -->avd.aquasec.com/appshield/ksv029 | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +``` + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c + tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 + +##### Scan Results + +**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** + +``` +2021-12-03T19:50:28.083Z INFO Detected OS: alpine +2021-12-03T19:50:28.083Z INFO Detecting Alpine vulnerabilities... 
+2021-12-03T19:50:28.087Z INFO Number of language-specific files: 0 + +tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) +========================================================================================================================= +Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) + ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+ +---------------+---------------------------------------+ +| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + +**Container: tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4** + +``` +2021-12-03T19:50:31.667Z INFO Detected OS: debian +2021-12-03T19:50:31.667Z INFO Detecting Debian vulnerabilities... +2021-12-03T19:50:31.681Z INFO Number of language-specific files: 1 +2021-12-03T19:50:31.681Z INFO Detecting gobinary vulnerabilities... 
+ +tccr.io/truecharts/promtail:v2.4.1@sha256:83bceed26a638b211d65b6e80d4a33d01dc82b81e630d57e883b490ac0c57ef4 (debian 11.1) +======================================================================================================================== +Total: 65 (UNKNOWN: 0, LOW: 60, MEDIUM: 1, HIGH: 2, CRITICAL: 2) + ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| apt | CVE-2011-3374 | LOW | 2.2.4 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| coreutils | CVE-2016-2781 | | 8.32-4 | | coreutils: Non-privileged | +| | | | | | session can escape to the | +| | | | | | parent session in chroot | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2017-18018 | | | | coreutils: race condition | +| | | | | | vulnerability in chown and chgrp | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libapt-pkg6.0 | CVE-2011-3374 | | 2.2.4 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| libc-bin | CVE-2021-33574 | CRITICAL | 2.31-13+deb11u2 | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+----------+ +---------------+-----------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2021-43396 | | | | glibc: conversion from | +| | | | | | ISO-2022-JP-3 with iconv may | +| | | | | | emit spurious NUL character on... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | ++------------------+------------------+----------+ +---------------+-----------------------------------------+ +| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+----------+ +---------------+-----------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2021-43396 | | | | glibc: conversion from | +| | | | | | ISO-2022-JP-3 with iconv may | +| | | | | | emit spurious NUL character on... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43396 | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | | libgcrypt: mishandles ElGamal | +| | | | | | encryption because it lacks | +| | | | | | exponent blinding to address a... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | ++ +------------------+----------+ +---------------+-----------------------------------------+ +| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | +| | | | | | doesn't have semantic security due | +| | | | | | to incorrectly encoded plaintexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| libgmp10 | CVE-2021-43618 | HIGH | 2:6.2.1+dfsg-1 | | gmp: Integer overflow and resultant | +| | | | | | buffer overflow via crafted input | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | | HTTPS: block-wise chosen-plaintext | +| | | | | | attack against SSL/TLS (BEAST) | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libgssapi-krb5-2 | CVE-2004-0971 | | 1.18.3-6+deb11u1 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+-----------------------------------------+ +| 
libk5crypto3 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+-----------------------------------------+ +| libkrb5-3 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+-----------------------------------------+ +| libkrb5support0 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libpcre3 | CVE-2017-11164 | | 2:8.39-13 | | pcre: OP_KETRMAX feature in the | +| | | | | | match function in pcre_exec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2017-16231 | | | | pcre: self-recursive call | +| | | | | | in match() in pcre_exec.c | +| | | | | | leads to denial of service... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | +| | | | | | when UTF is disabled and \X or... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libsepol1 | CVE-2021-36084 | | 3.1-1 | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2021-36085 | | | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2021-36086 | | | | libsepol: use-after-free in | +| | | | | | cil_reset_classpermission() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36086 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2021-36087 | | | | libsepol: heap-based buffer | +| | | | | | overflow in ebitmap_match_any() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libssl1.1 | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: 
weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libsystemd-dev | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++------------------+------------------+ + +---------------+-----------------------------------------+ +| libsystemd0 | CVE-2013-4392 | | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libtinfo6 | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| libudev1 | CVE-2013-4392 | | 247.3-6 | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| login | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| ncurses-base | CVE-2021-39537 | | 6.2+20201114-2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+ + + +---------------+ + +| ncurses-bin | | | | | | +| | | | | | | +| | | | | | | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| openssl | CVE-2007-6755 | | 1.1.1k-1+deb11u1 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| passwd | CVE-2007-5686 | | 1:4.8.1-1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+-----------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ +| perl-base | CVE-2020-16156 | MEDIUM | 5.32.1-4+deb11u2 | | [Signature Verification Bypass] | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | ++ +------------------+----------+ +---------------+-----------------------------------------+ +| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | +| | | | | | temporary file handling | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | ++------------------+------------------+ +-------------------+---------------+-----------------------------------------+ +| tar | CVE-2005-2541 | | 1.34+dfsg-1 | | tar: does not properly warn the user | +| | | | | | when extracting setuid or setgid... | +| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | ++------------------+------------------+----------+-------------------+---------------+-----------------------------------------+ + +usr/bin/promtail (gobinary) +=========================== +Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0) + ++----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ +| github.com/containerd/containerd | CVE-2021-41103 | HIGH | v1.5.4 | v1.4.11, v1.5.7 | containerd: insufficiently | +| | | | | | restricted permissions on container | +| | | | | | root and plugin directories | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-41103 | ++----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ +| 
github.com/prometheus/prometheus | CVE-2019-3826 | MEDIUM | v1.8.2-0.20211011171444-354d8d2ecfac | v2.7.1 | prometheus: Stored DOM | +| | | | | | cross-site scripting (XSS) | +| | | | | | attack via crafted URL | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3826 | ++----------------------------------+------------------+----------+--------------------------------------+-----------------+---------------------------------------+ +``` + diff --git a/dependency/promtail/1.0.5/templates/common.yaml b/dependency/promtail/1.0.6/templates/common.yaml similarity index 100% rename from dependency/promtail/1.0.5/templates/common.yaml rename to dependency/promtail/1.0.6/templates/common.yaml diff --git a/dependency/promtail/1.0.5/templates/secret.yaml b/dependency/promtail/1.0.6/templates/secret.yaml similarity index 100% rename from dependency/promtail/1.0.5/templates/secret.yaml rename to dependency/promtail/1.0.6/templates/secret.yaml diff --git a/dependency/promtail/1.0.5/templates/servicemonitor.yaml b/dependency/promtail/1.0.6/templates/servicemonitor.yaml similarity index 100% rename from dependency/promtail/1.0.5/templates/servicemonitor.yaml rename to dependency/promtail/1.0.6/templates/servicemonitor.yaml diff --git a/dependency/promtail/1.0.5/values.yaml b/dependency/promtail/1.0.6/values.yaml similarity index 100% rename from dependency/promtail/1.0.5/values.yaml rename to dependency/promtail/1.0.6/values.yaml diff --git a/dependency/redis/1.0.21/Chart.lock b/dependency/redis/1.0.21/Chart.lock deleted file mode 100644 index 9e23f84e2d3..00000000000 --- a/dependency/redis/1.0.21/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: common - repository: https://truecharts.org - version: 8.9.7 -digest: sha256:fcde72accd942e87af2e3e43b8743053fca3f604d214556f2357bd39ca43d3dd -generated: "2021-12-03T14:14:05.026499062Z" 
diff --git a/dependency/redis/1.0.21/charts/common-8.9.7.tgz b/dependency/redis/1.0.21/charts/common-8.9.7.tgz
deleted file mode 100644
index d624e7df28b..00000000000
Binary files a/dependency/redis/1.0.21/charts/common-8.9.7.tgz and /dev/null differ
diff --git a/dependency/redis/1.0.21/CHANGELOG.md b/dependency/redis/1.0.22/CHANGELOG.md
similarity index 90%
rename from dependency/redis/1.0.21/CHANGELOG.md
rename to dependency/redis/1.0.22/CHANGELOG.md
index 8eff291e518..8fab4657801 100644
--- a/dependency/redis/1.0.21/CHANGELOG.md
+++ b/dependency/redis/1.0.22/CHANGELOG.md
@@ -1,6 +1,15 @@
 # Changelog
+ +### [redis-1.0.22](https://github.com/truecharts/apps/compare/redis-1.0.21...redis-1.0.22) (2021-12-03) + +#### Chore + +* bump common on dependency train ([#1452](https://github.com/truecharts/apps/issues/1452)) + + + ### [redis-1.0.21](https://github.com/truecharts/apps/compare/redis-1.0.20...redis-1.0.21) (2021-12-03) @@ -88,12 +97,3 @@ ### [redis-1.0.10](https://github.com/truecharts/apps/compare/redis-1.0.9...redis-1.0.10) (2021-11-22) -#### Chore - -* update non-major ([#1380](https://github.com/truecharts/apps/issues/1380)) - - - - -### [redis-1.0.8](https://github.com/truecharts/apps/compare/redis-1.0.7...redis-1.0.8) (2021-11-18) - diff --git a/dependency/redis/1.0.21/CONFIG.md b/dependency/redis/1.0.22/CONFIG.md similarity index 100% rename from dependency/redis/1.0.21/CONFIG.md rename to dependency/redis/1.0.22/CONFIG.md diff --git a/dependency/redis/1.0.22/Chart.lock b/dependency/redis/1.0.22/Chart.lock new file mode 100644 index 00000000000..49dea472717 --- /dev/null +++ b/dependency/redis/1.0.22/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://truecharts.org + version: 8.9.10 +digest: sha256:76ef16a78cbfe53b0be5d9fac03039063f57b2b43f927e4cbfed13be1c939fcc +generated: "2021-12-03T19:51:06.979294002Z" diff --git a/dependency/redis/1.0.21/Chart.yaml b/dependency/redis/1.0.22/Chart.yaml similarity index 95% rename from dependency/redis/1.0.21/Chart.yaml rename to dependency/redis/1.0.22/Chart.yaml index a920fb355c8..a58368151e7 100644 --- a/dependency/redis/1.0.21/Chart.yaml +++ b/dependency/redis/1.0.22/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "6.2.6" dependencies: - name: common repository: https://truecharts.org - version: 8.9.7 + version: 8.9.10 deprecated: false description: Open source, advanced key-value store. home: https://github.com/truecharts/apps/tree/master/stable/redis 
@@ -22,7 +22,7 @@ sources: - https://github.com/bitnami/bitnami-docker-redis - http://redis.io/ type: application -version: 1.0.21 +version: 1.0.22 annotations: truecharts.org/catagories: | - database diff --git a/dependency/redis/1.0.21/README.md b/dependency/redis/1.0.22/README.md similarity index 96% rename from dependency/redis/1.0.21/README.md rename to dependency/redis/1.0.22/README.md index 5b2e2cbcd0b..5f78b02f5f8 100644 --- a/dependency/redis/1.0.21/README.md +++ b/dependency/redis/1.0.22/README.md @@ -18,7 +18,7 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| https://truecharts.org | common | 8.9.7 | +| https://truecharts.org | common | 8.9.10 | ## Installing the Chart diff --git a/dependency/redis/1.0.21/app-readme.md b/dependency/redis/1.0.22/app-readme.md similarity index 100% rename from dependency/redis/1.0.21/app-readme.md rename to dependency/redis/1.0.22/app-readme.md diff --git a/dependency/redis/1.0.22/charts/common-8.9.10.tgz b/dependency/redis/1.0.22/charts/common-8.9.10.tgz new file mode 100644 index 00000000000..635c25c8f45 Binary files /dev/null and b/dependency/redis/1.0.22/charts/common-8.9.10.tgz differ diff --git a/dependency/redis/1.0.21/helm-values.md b/dependency/redis/1.0.22/helm-values.md similarity index 100% rename from dependency/redis/1.0.21/helm-values.md rename to dependency/redis/1.0.22/helm-values.md diff --git a/dependency/redis/1.0.21/ix_values.yaml b/dependency/redis/1.0.22/ix_values.yaml similarity index 100% rename from dependency/redis/1.0.21/ix_values.yaml rename to dependency/redis/1.0.22/ix_values.yaml diff --git a/dependency/redis/1.0.21/questions.yaml b/dependency/redis/1.0.22/questions.yaml similarity index 100% rename from dependency/redis/1.0.21/questions.yaml rename to dependency/redis/1.0.22/questions.yaml diff --git a/dependency/redis/1.0.22/sec-scan.md b/dependency/redis/1.0.22/sec-scan.md new file mode 100644 index 00000000000..6e154a87c63 --- /dev/null 
+++ b/dependency/redis/1.0.22/sec-scan.md 
@@ -0,0 +1,892 @@ +# Security Scan + +## Helm-Chart + +##### Scan Results + +``` +2021-12-03T19:51:28.440Z INFO Detected config files: 1 + +redis/templates/common.yaml (kubernetes) +======================================== +Tests: 41 (SUCCESSES: 28, FAILURES: 13, EXCEPTIONS: 0) +Failures: 13 (UNKNOWN: 0, LOW: 6, MEDIUM: 7, HIGH: 0, CRITICAL: 0) + ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| TYPE | MISCONF ID | CHECK | SEVERITY | MESSAGE | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Container 'RELEASE-NAME-redis' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' | +| | | | | should add 'ALL' to | +| | | | | 'securityContext.capabilities.drop' | +| | | | | -->avd.aquasec.com/appshield/ksv003 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV012 | Runs as root user | MEDIUM | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' should | +| | | | | set 'securityContext.runAsNonRoot' to | +| | | | | true -->avd.aquasec.com/appshield/ksv012 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV013 | Image tag ':latest' used | LOW | Container 'RELEASE-NAME-redis' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' | +| | | | | should specify an image tag | +| | | | | -->avd.aquasec.com/appshield/ksv013 | ++ +------------+-----------------------------------------+ 
+----------------------------------------------+ +| | KSV014 | Root file system is not read-only | | Container 'RELEASE-NAME-redis' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-redis' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' | +| | | | | of StatefulSet | +| | | | | 'RELEASE-NAME-redis' should set | +| | | | | 'securityContext.readOnlyRootFilesystem' | +| | | | | to true | +| | | | | -->avd.aquasec.com/appshield/ksv014 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV019 | Seccomp policies disabled | MEDIUM | Container 'RELEASE-NAME-redis' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' | +| | | | | should specify a seccomp profile | +| | | | | -->avd.aquasec.com/appshield/ksv019 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV020 | Runs with low user ID | | Container 'RELEASE-NAME-redis' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' should | +| | | | | set 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' should | +| | | | | set 'securityContext.runAsUser' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv020 | ++ +------------+-----------------------------------------+ +----------------------------------------------+ +| | KSV021 | Runs with low group ID | | Container 'RELEASE-NAME-redis' of | 
+| | | | | StatefulSet 'RELEASE-NAME-redis' should | +| | | | | set 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ + + + +----------------------------------------------+ +| | | | | Container 'autopermissions' of | +| | | | | StatefulSet 'RELEASE-NAME-redis' should | +| | | | | set 'securityContext.runAsGroup' > 10000 | +| | | | | -->avd.aquasec.com/appshield/ksv021 | ++ +------------+-----------------------------------------+----------+----------------------------------------------+ +| | KSV029 | A root primary or supplementary GID set | LOW | StatefulSet 'RELEASE-NAME-redis' should | +| | | | | set 'spec.securityContext.runAsGroup', | +| | | | | 'spec.securityContext.supplementalGroups[*]' | +| | | | | and 'spec.securityContext.fsGroup' | +| | | | | to integer greater than 0 | +| | | | | -->avd.aquasec.com/appshield/ksv029 | ++---------------------------+------------+-----------------------------------------+----------+----------------------------------------------+ +``` + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c + tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae + +##### Scan Results + +**Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c** + +``` +2021-12-03T19:51:29.491Z INFO Detected OS: alpine +2021-12-03T19:51:29.491Z INFO Detecting Alpine vulnerabilities... 
+2021-12-03T19:51:29.495Z INFO Number of language-specific files: 0 + +tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2) +========================================================================================================================= +Total: 22 (UNKNOWN: 0, LOW: 0, MEDIUM: 4, HIGH: 18, CRITICAL: 0) + ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+ +---------------+---------------------------------------+ +| ssl_client | CVE-2021-42378 | HIGH | | 1.33.1-r6 | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42378 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42379 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42379 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42380 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42380 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42381 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42381 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42382 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42382 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42383 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42383 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42384 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42384 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42385 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42385 | ++ +------------------+ + + +---------------------------------------+ +| | CVE-2021-42386 | | | | busybox: use-after-free in | +| | | | | | awk applet leads to denial | +| | | | | | of service and possibly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42386 | ++ +------------------+----------+ +---------------+---------------------------------------+ +| | CVE-2021-42374 | MEDIUM | | 1.33.1-r4 | busybox: out-of-bounds read | +| | | | | | in unlzma applet leads to | +| | | | | | information leak and denial... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42374 | ++ +------------------+ + +---------------+---------------------------------------+ +| | CVE-2021-42375 | | | 1.33.1-r5 | busybox: incorrect handling | +| | | | | | of a special element in | +| | | | | | ash applet leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-42375 | ++------------+------------------+----------+-------------------+---------------+---------------------------------------+ +``` + +**Container: tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae** + +``` +2021-12-03T19:51:31.914Z INFO Detected OS: debian +2021-12-03T19:51:31.914Z INFO Detecting Debian vulnerabilities... +2021-12-03T19:51:31.930Z INFO Number of language-specific files: 2 +2021-12-03T19:51:31.930Z INFO Detecting gobinary vulnerabilities... 
+ +tccr.io/truecharts/redis:v6.2.6@sha256:741dc63de7fed6f7f4fff41ac4b23a40f6850e9fb361e35e2959c71d8f10aeae (debian 10.11) +====================================================================================================================== +Total: 142 (UNKNOWN: 0, LOW: 104, MEDIUM: 11, HIGH: 23, CRITICAL: 4) + ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| apt | CVE-2011-3374 | LOW | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bash | CVE-2019-18276 | | 5.0-4 | | bash: when effective UID is not | +| | | | | | equal to its real UID the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-18276 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| bsdutils | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| coreutils | CVE-2016-2781 | | 8.30-3 | | coreutils: Non-privileged | +| | | | | | session can escape to the | +| | | | | | parent session in chroot | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-2781 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-18018 | | | | coreutils: race condition | +| | | | | | vulnerability in chown and chgrp | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-18018 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| curl | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| | | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | 
CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| fdisk | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gcc-8-base | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| gpgv | CVE-2019-14855 | LOW | 2.2.12-1+deb10u1 | | gnupg2: OpenPGP Key Certification | +| | | | | | Forgeries with SHA-1 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-14855 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libapt-pkg5.0 | CVE-2011-3374 | | 1.8.2.3 | | It was found that apt-key in apt, | +| | | | | | all versions, do not correctly... | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3374 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libblkid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libc-bin | CVE-2021-33574 | CRITICAL | 2.28-10 | | glibc: mq_notify does | +| | | | | | not handle separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution 
because of... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+ +---------------+--------------------------------------------------------------+ +| libc6 | CVE-2021-33574 | CRITICAL | | | glibc: mq_notify does | +| | | | | | not handle 
separately | +| | | | | | allocated thread attributes | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33574 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-35942 | | | | glibc: Arbitrary read in wordexp() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-35942 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2020-1751 | HIGH | | | glibc: array overflow in | +| | | | | | backtrace functions for powerpc | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1751 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-1752 | | | | glibc: use-after-free in glob() | +| | | | | | function when expanding ~user | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-1752 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-3326 | | | | glibc: Assertion failure in | +| | | | | | ISO-2022-JP-3 gconv module | +| | | | | | related to combining characters | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-3326 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-25013 | MEDIUM | | | glibc: buffer over-read in | +| | | | | | iconv when processing invalid | +| | | | | | multi-byte input sequences in... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-25013 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-10029 | | | | glibc: stack corruption | +| | | | | | from crafted input in cosl, | +| | | | | | sinl, sincosl, and tanl... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2020-10029 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-27618 | | | | glibc: iconv when processing | +| | | | | | invalid multi-byte input | +| | | | | | sequences fails to advance the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-27618 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2010-4756 | LOW | | | glibc: glob implementation | +| | | | | | can cause excessive CPU and | +| | | | | | memory consumption due to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2016-10228 | | | | glibc: iconv program can hang | +| | | | | | when invoked with the -c option | +| | | | | | -->avd.aquasec.com/nvd/cve-2016-10228 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-20796 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010022 | | | | glibc: stack guard protection bypass | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF | +| | | | | | leads to code execution because of... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010024 | | | | glibc: ASLR bypass using | +| | | | | | cache of thread stack and heap | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-1010025 | | | | glibc: information disclosure of heap | +| | | | | | addresses of pthread_created thread | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19126 | | | | glibc: LD_PREFER_MAP_32BIT_EXEC | +| | | | | | not ignored in setuid binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19126 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in | +| | | | | | function check_dst_limits_calc_pos_1 | +| | | | | | in posix/regexec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-6096 | | | | glibc: signed comparison | +| | | | | | vulnerability in the | +| | | | | | ARMv7 memcpy function | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-6096 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-27645 | | | | glibc: Use-after-free in | +| | | | | | addgetnetgrentX function | +| | | | | | in netgroupcache.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-27645 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libcurl4 | CVE-2021-22946 | HIGH | 7.64.0-4+deb10u2 | | curl: Requirement to use | +| 
| | | | | TLS not properly enforced | +| | | | | | for IMAP, POP3, and... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22946 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22947 | MEDIUM | | | curl: Server responses | +| | | | | | received before STARTTLS | +| | | | | | processed after TLS handshake | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22947 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2021-22898 | LOW | | | curl: TELNET stack | +| | | | | | contents disclosure | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22898 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22922 | | | | curl: Content not matching hash | +| | | | | | in Metalink is not being discarded | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22922 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22923 | | | | curl: Metalink download | +| | | | | | sends credentials | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-22924 | | | | curl: Bad connection reuse | +| | | | | | due to flawed path name checks | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-22924 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libfdisk1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgcc1 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgcrypt20 | CVE-2021-33560 | | 1.8.4-5+deb10u1 | | libgcrypt: mishandles ElGamal | +| | | | | | encryption because it lacks | +| | | | | | exponent blinding to address a... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-33560 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-13627 | MEDIUM | | | libgcrypt: ECDSA timing attack | +| | | | | | allowing private key leak | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13627 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2018-6829 | LOW | | | libgcrypt: ElGamal implementation | +| | | | | | doesn't have semantic security due | +| | | | | | to incorrectly encoded plaintexts... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-6829 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgmp10 | CVE-2021-43618 | HIGH | 2:6.1.2+dfsg-4 | | gmp: Integer overflow and resultant | +| | | | | | buffer overflow via crafted input | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-43618 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libgnutls30 | CVE-2011-3389 | LOW | 3.6.7-4+deb10u7 | | HTTPS: block-wise chosen-plaintext | +| | | | | | attack against SSL/TLS (BEAST) | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-3389 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libgssapi-krb5-2 | CVE-2004-0971 | | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libidn2-0 | CVE-2019-12290 | HIGH | 2.0.5-1+deb10u1 | | GNU libidn2 before 2.2.0 | +| | | | | | fails to perform the roundtrip | +| | | | | | checks specified in... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-12290 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libk5crypto3 | CVE-2004-0971 | LOW | 1.17-3+deb10u3 | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5-3 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libkrb5support0 | CVE-2004-0971 | | | | security flaw | +| | | | | | -->avd.aquasec.com/nvd/cve-2004-0971 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-5709 | | | | krb5: integer overflow | +| | | | | | in dbentry->n_key_data | +| | | | | | in kadmin/dbutil/dump.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-5709 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libldap-2.4-2 | CVE-2015-3276 | | 2.4.47+dfsg-3+deb10u6 | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ + +---------------+--------------------------------------------------------------+ +| libldap-common | CVE-2015-3276 | | | | openldap: incorrect multi-keyword | +| | | | | | mode cipherstring parsing | +| | | | | | -->avd.aquasec.com/nvd/cve-2015-3276 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-14159 | | | | openldap: Privilege escalation | +| | | | | | via PID file manipulation | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-14159 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-17740 | | | | openldap: | +| | | | | | contrib/slapd-modules/nops/nops.c | +| | | | | | attempts to free stack buffer | +| | | | | | allowing remote attackers to cause... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-17740 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-15719 | | | | openldap: Certificate | +| | | | | | validation incorrectly | +| | | | | | matches name against CN-ID | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-15719 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| liblz4-1 | CVE-2019-17543 | | 1.8.3-1+deb10u1 | | lz4: heap-based buffer | +| | | | | | overflow in LZ4_write32 | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17543 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libmount1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libncurses6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+ + + +---------------+ + +| libncursesw6 | | | | | | +| | | | | | | +| | | | | | | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libnghttp2-14 | CVE-2020-11080 | HIGH | 1.36.0-2+deb10u1 | | nghttp2: overly large SETTINGS | +| | | | | | frames can lead to DoS | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-11080 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libpcre3 | CVE-2020-14155 | MEDIUM | 2:8.39-12 | | pcre: Integer overflow when | +| | | | | | parsing callout numeric arguments | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-14155 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2017-11164 | LOW | | | pcre: OP_KETRMAX feature in the | +| | | | | | match function in pcre_exec.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-11164 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-16231 | | | | pcre: self-recursive call | +| | | | | | in match() in pcre_exec.c | +| | | | | | leads to denial of service... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2017-16231 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7245 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7245 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2017-7246 | | | | pcre: stack-based buffer overflow | +| | | | | | write in pcre32_copy_substring | +| | | | | | -->avd.aquasec.com/nvd/cve-2017-7246 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20838 | | | | pcre: Buffer over-read in JIT | +| | | | | | when UTF is disabled and \X or... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20838 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libseccomp2 | CVE-2019-9893 | | 2.3.3-4 | | libseccomp: incorrect generation | +| | | | | | of syscall filters in libseccomp | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9893 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsepol1 | CVE-2021-36084 | | 2.8-1 | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36084 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36085 | | | | libsepol: use-after-free in | +| | | | | | __cil_verify_classperms() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36085 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36086 | | | | libsepol: use-after-free in | +| | | | | | cil_reset_classpermission() | +| | | | | | 
-->avd.aquasec.com/nvd/cve-2021-36086 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-36087 | | | | libsepol: heap-based buffer | +| | | | | | overflow in ebitmap_match_any() | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-36087 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsmartcols1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libssh2-1 | CVE-2019-13115 | HIGH | 1.8.0-2.1 | | libssh2: integer overflow in | +| | | | | | kex_method_diffie_hellman_group_exchange_sha256_key_exchange | +| | | | | | in kex.c leads to out-of-bounds write | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-13115 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2019-17498 | LOW | | | libssh2: integer overflow in | +| | | | | | SSH_MSG_DISCONNECT logic in packet.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-17498 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libssl1.1 | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | 
++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libstdc++6 | CVE-2018-12886 | HIGH | 8.3.0-6 | | gcc: spilling of stack | +| | | | | | protection address in cfgexpand.c | +| | | | | | and function.c leads to... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-12886 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-15847 | | | | gcc: POWER9 "DARN" RNG intrinsic | +| | | | | | produces repeated output | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-15847 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libsystemd0 | CVE-2019-3843 | | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtasn1-6 | CVE-2018-1000654 | | 4.13-3 | | libtasn1: Infinite loop in | +| | | | | | _asn1_expand_object_id(ptree) | +| | | | | | leads to memory exhaustion | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-1000654 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libtinfo6 | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| libudev1 | CVE-2019-3843 | HIGH | 241-7~deb10u8 | | systemd: services with DynamicUser | +| | | | | | can create SUID/SGID binaries | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3843 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-3844 | | | | systemd: services with DynamicUser | +| | | | | | can get new privileges and | +| | | | | | create SGID binaries... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2019-3844 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2013-4392 | LOW | | | systemd: TOCTOU race condition | +| | | | | | when updating file permissions | +| | | | | | and SELinux security contexts... | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4392 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-20386 | | | | systemd: memory leak in button_open() | +| | | | | | in login/logind-button.c when | +| | | | | | udev events are received... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-20386 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13529 | | | | systemd: DHCP FORCERENEW | +| | | | | | authentication not implemented | +| | | | | | can cause a system running the... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13529 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2020-13776 | | | | systemd: Mishandles numerical | +| | | | | | usernames beginning with decimal | +| | | | | | digits or 0x followed by... | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-13776 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| libuuid1 | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| login | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... | +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| mount | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| ncurses-base | CVE-2021-39537 | | 6.1+20181013-2+deb10u2 | | ncurses: heap-based buffer overflow | +| | | | | | in _nc_captoinfo() in captoinfo.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-39537 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| openssl | CVE-2007-6755 | | 1.1.1d-0+deb10u7 | | Dual_EC_DRBG: weak pseudo | +| | | | | | random number generator | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2010-0928 | | | | openssl: RSA authentication weakness | +| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| passwd | CVE-2007-5686 | | 1:4.5-1.1 | | initscripts in rPath Linux 1 | +| | | | | | sets insecure permissions for | +| | | | | | the /var/log/btmp file,... | +| | | | | | -->avd.aquasec.com/nvd/cve-2007-5686 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2013-4235 | | | | shadow-utils: TOCTOU race | +| | | | | | conditions by copying and | +| | | | | | removing directory trees | +| | | | | | -->avd.aquasec.com/nvd/cve-2013-4235 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2018-7169 | | | | shadow-utils: newgidmap | +| | | | | | allows unprivileged user to | +| | | | | | drop supplementary groups | +| | | | | | potentially allowing privilege... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2018-7169 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-19882 | | | | shadow-utils: local users can | +| | | | | | obtain root access because setuid | +| | | | | | programs are misconfigured... | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-19882 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ +| perl-base | CVE-2020-16156 | MEDIUM | 5.28.1-6+deb10u1 | | [Signature Verification Bypass] | +| | | | | | -->avd.aquasec.com/nvd/cve-2020-16156 | ++ +------------------+----------+ +---------------+--------------------------------------------------------------+ +| | CVE-2011-4116 | LOW | | | perl: File::Temp insecure | +| | | | | | temporary file handling | +| | | | | | -->avd.aquasec.com/nvd/cve-2011-4116 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| tar | CVE-2005-2541 | | 1.30+dfsg-6 | | tar: does not properly warn the user | +| | | | | | when extracting setuid or setgid... 
| +| | | | | | -->avd.aquasec.com/nvd/cve-2005-2541 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2019-9923 | | | | tar: null-pointer dereference | +| | | | | | in pax_decode_header in sparse.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2019-9923 | ++ +------------------+ + +---------------+--------------------------------------------------------------+ +| | CVE-2021-20193 | | | | tar: Memory leak in | +| | | | | | read_header() in list.c | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-20193 | ++------------------+------------------+ +------------------------+---------------+--------------------------------------------------------------+ +| util-linux | CVE-2021-37600 | | 2.33.1-0.1 | | util-linux: integer overflow | +| | | | | | can lead to buffer overflow | +| | | | | | in get_sem_elements() in | +| | | | | | sys-utils/ipcutils.c... | +| | | | | | -->avd.aquasec.com/nvd/cve-2021-37600 | ++------------------+------------------+----------+------------------------+---------------+--------------------------------------------------------------+ + +opt/bitnami/common/bin/gosu (gobinary) +====================================== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + + +opt/bitnami/common/bin/wait-for-port (gobinary) +=============================================== +Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) + +``` + diff --git a/dependency/redis/1.0.21/templates/common.yaml b/dependency/redis/1.0.22/templates/common.yaml similarity index 100% rename from dependency/redis/1.0.21/templates/common.yaml rename to dependency/redis/1.0.22/templates/common.yaml diff --git a/dependency/redis/1.0.21/templates/health-configmap.yaml b/dependency/redis/1.0.22/templates/health-configmap.yaml similarity index 100% rename from dependency/redis/1.0.21/templates/health-configmap.yaml rename to dependency/redis/1.0.22/templates/health-configmap.yaml 
diff --git a/dependency/redis/1.0.21/templates/secret.yaml b/dependency/redis/1.0.22/templates/secret.yaml
similarity index 100%
rename from dependency/redis/1.0.21/templates/secret.yaml
rename to dependency/redis/1.0.22/templates/secret.yaml
diff --git a/dependency/redis/1.0.21/values.yaml b/dependency/redis/1.0.22/values.yaml
similarity index 100%
rename from dependency/redis/1.0.21/values.yaml
rename to dependency/redis/1.0.22/values.yaml