NeilHanlon 2022-10-15 13:14:26 +00:00
parent 02c4daccd9
commit 238f801314
2 changed files with 112 additions and 43 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-10-13 13:20:55.387445452 +0000 UTC m=+1.590399071 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-10-15 13:14:25.663067142 +0000 UTC m=+1.412600978 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-10-13 13:20:55.387481653 +0000 UTC m=+1.590435372</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-10-15 13:14:25.663096742 +0000 UTC m=+1.412630478</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -99,16 +99,15 @@
<td class="pkg-version">7.61.1-22.el8_6.3</td>
<td>7.61.1-22.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6157">https://access.redhat.com/errata/RHSA-2022:6157</a>
<a href="https://access.redhat.com/errata/RHSA-2022:6159">https://access.redhat.com/errata/RHSA-2022:6159</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-32206">https://access.redhat.com/security/cve/CVE-2022-32206</a>
<a href="https://bugzilla.redhat.com/2099300">https://bugzilla.redhat.com/2099300</a>
<a href="https://bugzilla.redhat.com/2099305">https://bugzilla.redhat.com/2099305</a>
<a href="https://bugzilla.redhat.com/2099306">https://bugzilla.redhat.com/2099306</a>
<a href="https://curl.se/docs/CVE-2022-32206.html">https://curl.se/docs/CVE-2022-32206.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6157.html">https://errata.almalinux.org/9/ALSA-2022-6157.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-6159.html">https://errata.almalinux.org/8/ALSA-2022-6159.html</a>
<a href="https://hackerone.com/reports/1570651">https://hackerone.com/reports/1570651</a>
<a href="https://linux.oracle.com/cve/CVE-2022-32206.html">https://linux.oracle.com/cve/CVE-2022-32206.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
@ -127,16 +126,15 @@
<td class="pkg-version">7.61.1-22.el8_6.3</td>
<td>7.61.1-22.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6157">https://access.redhat.com/errata/RHSA-2022:6157</a>
<a href="https://access.redhat.com/errata/RHSA-2022:6159">https://access.redhat.com/errata/RHSA-2022:6159</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-32208">https://access.redhat.com/security/cve/CVE-2022-32208</a>
<a href="https://bugzilla.redhat.com/2099300">https://bugzilla.redhat.com/2099300</a>
<a href="https://bugzilla.redhat.com/2099305">https://bugzilla.redhat.com/2099305</a>
<a href="https://bugzilla.redhat.com/2099306">https://bugzilla.redhat.com/2099306</a>
<a href="https://curl.se/docs/CVE-2022-32208.html">https://curl.se/docs/CVE-2022-32208.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6157.html">https://errata.almalinux.org/9/ALSA-2022-6157.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-6159.html">https://errata.almalinux.org/8/ALSA-2022-6159.html</a>
<a href="https://hackerone.com/reports/1590071">https://hackerone.com/reports/1590071</a>
<a href="https://linux.oracle.com/cve/CVE-2022-32208.html">https://linux.oracle.com/cve/CVE-2022-32208.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
@ -149,6 +147,34 @@
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
</td>
</tr>
<tr class="severity-CRITICAL">
<td class="pkg-name">expat</td>
<td>CVE-2022-40674</td>
<td class="severity">CRITICAL</td>
<td class="pkg-version">2.2.5-8.el8_6.2</td>
<td>2.2.5-8.el8_6.3</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6878">https://access.redhat.com/errata/RHSA-2022:6878</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-40674.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-40674">https://access.redhat.com/security/cve/CVE-2022-40674</a>
<a href="https://blog.hartwork.org/posts/expat-2-4-9-released/">https://blog.hartwork.org/posts/expat-2-4-9-released/</a>
<a href="https://bugzilla.redhat.com/2130769">https://bugzilla.redhat.com/2130769</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-6878.html">https://errata.almalinux.org/8/ALSA-2022-6878.html</a>
<a href="https://github.com/advisories/GHSA-2vq2-xc55-3j5m">https://github.com/advisories/GHSA-2vq2-xc55-3j5m</a>
<a href="https://github.com/libexpat/libexpat/pull/629">https://github.com/libexpat/libexpat/pull/629</a>
<a href="https://github.com/libexpat/libexpat/pull/640">https://github.com/libexpat/libexpat/pull/640</a>
<a href="https://linux.oracle.com/cve/CVE-2022-40674.html">https://linux.oracle.com/cve/CVE-2022-40674.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6878.html">https://linux.oracle.com/errata/ELSA-2022-6878.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html">https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40674">https://nvd.nist.gov/vuln/detail/CVE-2022-40674</a>
<a href="https://security.gentoo.org/glsa/202209-24">https://security.gentoo.org/glsa/202209-24</a>
<a href="https://ubuntu.com/security/notices/USN-5638-1">https://ubuntu.com/security/notices/USN-5638-1</a>
<a href="https://www.debian.org/security/2022/dsa-5236">https://www.debian.org/security/2022/dsa-5236</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">gnupg2</td>
<td>CVE-2022-34903</td>
@ -186,16 +212,15 @@
<td class="pkg-version">7.61.1-22.el8_6.3</td>
<td>7.61.1-22.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6157">https://access.redhat.com/errata/RHSA-2022:6157</a>
<a href="https://access.redhat.com/errata/RHSA-2022:6159">https://access.redhat.com/errata/RHSA-2022:6159</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-32206">https://access.redhat.com/security/cve/CVE-2022-32206</a>
<a href="https://bugzilla.redhat.com/2099300">https://bugzilla.redhat.com/2099300</a>
<a href="https://bugzilla.redhat.com/2099305">https://bugzilla.redhat.com/2099305</a>
<a href="https://bugzilla.redhat.com/2099306">https://bugzilla.redhat.com/2099306</a>
<a href="https://curl.se/docs/CVE-2022-32206.html">https://curl.se/docs/CVE-2022-32206.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6157.html">https://errata.almalinux.org/9/ALSA-2022-6157.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-6159.html">https://errata.almalinux.org/8/ALSA-2022-6159.html</a>
<a href="https://hackerone.com/reports/1570651">https://hackerone.com/reports/1570651</a>
<a href="https://linux.oracle.com/cve/CVE-2022-32206.html">https://linux.oracle.com/cve/CVE-2022-32206.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
@ -214,16 +239,15 @@
<td class="pkg-version">7.61.1-22.el8_6.3</td>
<td>7.61.1-22.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6157">https://access.redhat.com/errata/RHSA-2022:6157</a>
<a href="https://access.redhat.com/errata/RHSA-2022:6159">https://access.redhat.com/errata/RHSA-2022:6159</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-32208">https://access.redhat.com/security/cve/CVE-2022-32208</a>
<a href="https://bugzilla.redhat.com/2099300">https://bugzilla.redhat.com/2099300</a>
<a href="https://bugzilla.redhat.com/2099305">https://bugzilla.redhat.com/2099305</a>
<a href="https://bugzilla.redhat.com/2099306">https://bugzilla.redhat.com/2099306</a>
<a href="https://curl.se/docs/CVE-2022-32208.html">https://curl.se/docs/CVE-2022-32208.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6157.html">https://errata.almalinux.org/9/ALSA-2022-6157.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-6159.html">https://errata.almalinux.org/8/ALSA-2022-6159.html</a>
<a href="https://hackerone.com/reports/1590071">https://hackerone.com/reports/1590071</a>
<a href="https://linux.oracle.com/cve/CVE-2022-32208.html">https://linux.oracle.com/cve/CVE-2022-32208.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
@ -243,18 +267,16 @@
<td class="pkg-version">1:1.1.1k-6.el8_5</td>
<td>1:1.1.1k-7.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6224">https://access.redhat.com/errata/RHSA-2022:6224</a>
<a href="https://access.redhat.com/errata/RHSA-2022:5818">https://access.redhat.com/errata/RHSA-2022:5818</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-1292">https://access.redhat.com/security/cve/CVE-2022-1292</a>
<a href="https://bugzilla.redhat.com/2081494">https://bugzilla.redhat.com/2081494</a>
<a href="https://bugzilla.redhat.com/2087911">https://bugzilla.redhat.com/2087911</a>
<a href="https://bugzilla.redhat.com/2087913">https://bugzilla.redhat.com/2087913</a>
<a href="https://bugzilla.redhat.com/2097310">https://bugzilla.redhat.com/2097310</a>
<a href="https://bugzilla.redhat.com/2104905">https://bugzilla.redhat.com/2104905</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1292</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6224.html">https://errata.almalinux.org/9/ALSA-2022-6224.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-5818.html">https://errata.almalinux.org/8/ALSA-2022-5818.html</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23</a>
@ -282,18 +304,16 @@
<td class="pkg-version">1:1.1.1k-6.el8_5</td>
<td>1:1.1.1k-7.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6224">https://access.redhat.com/errata/RHSA-2022:6224</a>
<a href="https://access.redhat.com/errata/RHSA-2022:5818">https://access.redhat.com/errata/RHSA-2022:5818</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-2068">https://access.redhat.com/security/cve/CVE-2022-2068</a>
<a href="https://bugzilla.redhat.com/2081494">https://bugzilla.redhat.com/2081494</a>
<a href="https://bugzilla.redhat.com/2087911">https://bugzilla.redhat.com/2087911</a>
<a href="https://bugzilla.redhat.com/2087913">https://bugzilla.redhat.com/2087913</a>
<a href="https://bugzilla.redhat.com/2097310">https://bugzilla.redhat.com/2097310</a>
<a href="https://bugzilla.redhat.com/2104905">https://bugzilla.redhat.com/2104905</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6224.html">https://errata.almalinux.org/9/ALSA-2022-6224.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-5818.html">https://errata.almalinux.org/8/ALSA-2022-5818.html</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7</a>
@ -316,19 +336,17 @@
<td class="pkg-version">1:1.1.1k-6.el8_5</td>
<td>1:1.1.1k-7.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6224">https://access.redhat.com/errata/RHSA-2022:6224</a>
<a href="https://access.redhat.com/errata/RHSA-2022:5818">https://access.redhat.com/errata/RHSA-2022:5818</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1292.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2068.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2097.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-2097">https://access.redhat.com/security/cve/CVE-2022-2097</a>
<a href="https://bugzilla.redhat.com/2081494">https://bugzilla.redhat.com/2081494</a>
<a href="https://bugzilla.redhat.com/2087911">https://bugzilla.redhat.com/2087911</a>
<a href="https://bugzilla.redhat.com/2087913">https://bugzilla.redhat.com/2087913</a>
<a href="https://bugzilla.redhat.com/2097310">https://bugzilla.redhat.com/2097310</a>
<a href="https://bugzilla.redhat.com/2104905">https://bugzilla.redhat.com/2104905</a>
<a href="https://crates.io/crates/openssl-src">https://crates.io/crates/openssl-src</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2097</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6224.html">https://errata.almalinux.org/9/ALSA-2022-6224.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-5818.html">https://errata.almalinux.org/8/ALSA-2022-5818.html</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431</a>
<a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93">https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93</a>
<a href="https://linux.oracle.com/cve/CVE-2022-2097.html">https://linux.oracle.com/cve/CVE-2022-2097.html</a>
@ -436,7 +454,7 @@
<td class="pkg-version">2:8.0.1763-19.el8_6.2</td>
<td>2:8.0.1763-19.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:5942">https://access.redhat.com/errata/RHSA-2022:5942</a>
<a href="https://access.redhat.com/errata/RHSA-2022:5813">https://access.redhat.com/errata/RHSA-2022:5813</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json</a>
@ -445,7 +463,7 @@
<a href="https://bugzilla.redhat.com/2091682">https://bugzilla.redhat.com/2091682</a>
<a href="https://bugzilla.redhat.com/2091687">https://bugzilla.redhat.com/2091687</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-5942.html">https://errata.almalinux.org/9/ALSA-2022-5942.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-5813.html">https://errata.almalinux.org/8/ALSA-2022-5813.html</a>
<a href="https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010">https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010</a>
<a href="https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)">https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)</a>
<a href="https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777">https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777</a>
@ -464,7 +482,7 @@
<td class="pkg-version">2:8.0.1763-19.el8_6.2</td>
<td>2:8.0.1763-19.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:5942">https://access.redhat.com/errata/RHSA-2022:5942</a>
<a href="https://access.redhat.com/errata/RHSA-2022:5813">https://access.redhat.com/errata/RHSA-2022:5813</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json</a>
@ -473,7 +491,7 @@
<a href="https://bugzilla.redhat.com/2091682">https://bugzilla.redhat.com/2091682</a>
<a href="https://bugzilla.redhat.com/2091687">https://bugzilla.redhat.com/2091687</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-5942.html">https://errata.almalinux.org/9/ALSA-2022-5942.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-5813.html">https://errata.almalinux.org/8/ALSA-2022-5813.html</a>
<a href="https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839">https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839</a>
<a href="https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109">https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109</a>
<a href="https://linux.oracle.com/cve/CVE-2022-1785.html">https://linux.oracle.com/cve/CVE-2022-1785.html</a>
@ -490,7 +508,7 @@
<td class="pkg-version">2:8.0.1763-19.el8_6.2</td>
<td>2:8.0.1763-19.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:5942">https://access.redhat.com/errata/RHSA-2022:5942</a>
<a href="https://access.redhat.com/errata/RHSA-2022:5813">https://access.redhat.com/errata/RHSA-2022:5813</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json</a>
@ -499,7 +517,7 @@
<a href="https://bugzilla.redhat.com/2091682">https://bugzilla.redhat.com/2091682</a>
<a href="https://bugzilla.redhat.com/2091687">https://bugzilla.redhat.com/2091687</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-5942.html">https://errata.almalinux.org/9/ALSA-2022-5942.html</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-5813.html">https://errata.almalinux.org/8/ALSA-2022-5813.html</a>
<a href="https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a">https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a</a>
<a href="https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)">https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)</a>
<a href="https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118">https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118</a>


@ -63,6 +63,33 @@
]
}
},
{
"id": "CVE-2022-40674",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-40674"
},
"fullDescription": {
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-40674",
"help": {
"text": "Vulnerability CVE-2022-40674\nSeverity: CRITICAL\nPackage: expat\nFixed Version: 2.2.5-8.el8_6.3\nLink: [CVE-2022-40674](https://avd.aquasec.com/nvd/cve-2022-40674)\nlibexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"markdown": "**Vulnerability CVE-2022-40674**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|expat|2.2.5-8.el8_6.3|[CVE-2022-40674](https://avd.aquasec.com/nvd/cve-2022-40674)|\n\nlibexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c."
},
"properties": {
"precision": "very-high",
"security-severity": "9.8",
"tags": [
"vulnerability",
"security",
"CRITICAL"
]
}
},
{
"id": "CVE-2022-34903",
"name": "OsPackageVulnerability",
@ -360,8 +387,32 @@
]
},
{
"ruleId": "CVE-2022-34903",
"ruleId": "CVE-2022-40674",
"ruleIndex": 2,
"level": "error",
"message": {
"text": "Package: expat\nInstalled Version: 2.2.5-8.el8_6.2\nVulnerability CVE-2022-40674\nSeverity: CRITICAL\nFixed Version: 2.2.5-8.el8_6.3\nLink: [CVE-2022-40674](https://avd.aquasec.com/nvd/cve-2022-40674)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-34903",
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: gnupg2\nInstalled Version: 2.2.20-2.el8\nVulnerability CVE-2022-34903\nSeverity: MEDIUM\nFixed Version: 2.2.20-3.el8_6\nLink: [CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)"
@ -433,7 +484,7 @@
},
{
"ruleId": "CVE-2022-1292",
"ruleIndex": 3,
"ruleIndex": 4,
"level": "error",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
@ -457,7 +508,7 @@
},
{
"ruleId": "CVE-2022-2068",
"ruleIndex": 4,
"ruleIndex": 5,
"level": "error",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
@ -481,7 +532,7 @@
},
{
"ruleId": "CVE-2022-2097",
"ruleIndex": 5,
"ruleIndex": 6,
"level": "warning",
"message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
@ -505,7 +556,7 @@
},
{
"ruleId": "CVE-2022-1586",
"ruleIndex": 6,
"ruleIndex": 7,
"level": "error",
"message": {
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
@ -529,7 +580,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 7,
"ruleIndex": 8,
"level": "error",
"message": {
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -553,7 +604,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 7,
"ruleIndex": 8,
"level": "error",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -577,7 +628,7 @@
},
{
"ruleId": "CVE-2022-2526",
"ruleIndex": 7,
"ruleIndex": 8,
"level": "error",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -601,7 +652,7 @@
},
{
"ruleId": "CVE-2022-1927",
"ruleIndex": 8,
"ruleIndex": 9,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: CRITICAL\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
@ -625,7 +676,7 @@
},
{
"ruleId": "CVE-2022-1785",
"ruleIndex": 9,
"ruleIndex": 10,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
@ -649,7 +700,7 @@
},
{
"ruleId": "CVE-2022-1897",
"ruleIndex": 10,
"ruleIndex": 11,
"level": "error",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"