NeilHanlon 2022-08-16 13:09:46 +00:00
parent ff0314bab6
commit 7bb3dc9825
2 changed files with 247 additions and 5 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-15 13:14:16.783841937 +0000 UTC m=+0.716643030 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-16 13:09:45.619168364 +0000 UTC m=+0.998653716 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,10 +81,97 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-15 13:14:16.783867737 +0000 UTC m=+0.716668830</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-16 13:09:45.619197864 +0000 UTC m=+0.998683216</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr><th colspan="6">No Vulnerabilities found</th></tr>
<tr class="sub-header">
<th>Package</th>
<th>Vulnerability ID</th>
<th>Severity</th>
<th>Installed Version</th>
<th>Fixed Version</th>
<th>Links</th>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">vim-minimal</td>
<td>CVE-2022-1785</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2:8.0.1763-19.el8_6.2</td>
<td>2:8.0.1763-19.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:5942">https://access.redhat.com/errata/RHSA-2022:5942</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-1785">https://access.redhat.com/security/cve/CVE-2022-1785</a>
<a href="https://bugzilla.redhat.com/2088689">https://bugzilla.redhat.com/2088689</a>
<a href="https://bugzilla.redhat.com/2091682">https://bugzilla.redhat.com/2091682</a>
<a href="https://bugzilla.redhat.com/2091687">https://bugzilla.redhat.com/2091687</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1785</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-5942.html">https://errata.almalinux.org/9/ALSA-2022-5942.html</a>
<a href="https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839">https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839</a>
<a href="https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109">https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109</a>
<a href="https://linux.oracle.com/cve/CVE-2022-1785.html">https://linux.oracle.com/cve/CVE-2022-1785.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-5942.html">https://linux.oracle.com/errata/ELSA-2022-5942.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-1785">https://nvd.nist.gov/vuln/detail/CVE-2022-1785</a>
<a href="https://ubuntu.com/security/notices/USN-5498-1">https://ubuntu.com/security/notices/USN-5498-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">vim-minimal</td>
<td>CVE-2022-1897</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2:8.0.1763-19.el8_6.2</td>
<td>2:8.0.1763-19.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:5942">https://access.redhat.com/errata/RHSA-2022:5942</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-1897">https://access.redhat.com/security/cve/CVE-2022-1897</a>
<a href="https://bugzilla.redhat.com/2088689">https://bugzilla.redhat.com/2088689</a>
<a href="https://bugzilla.redhat.com/2091682">https://bugzilla.redhat.com/2091682</a>
<a href="https://bugzilla.redhat.com/2091687">https://bugzilla.redhat.com/2091687</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1897</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-5942.html">https://errata.almalinux.org/9/ALSA-2022-5942.html</a>
<a href="https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a">https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a</a>
<a href="https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)">https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)</a>
<a href="https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118">https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118</a>
<a href="https://linux.oracle.com/cve/CVE-2022-1897.html">https://linux.oracle.com/cve/CVE-2022-1897.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-5942.html">https://linux.oracle.com/errata/ELSA-2022-5942.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/</a>
<a href="https://ubuntu.com/security/notices/USN-5507-1">https://ubuntu.com/security/notices/USN-5507-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">vim-minimal</td>
<td>CVE-2022-1927</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">2:8.0.1763-19.el8_6.2</td>
<td>2:8.0.1763-19.el8_6.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:5942">https://access.redhat.com/errata/RHSA-2022:5942</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1785.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1897.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1927.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-1927">https://access.redhat.com/security/cve/CVE-2022-1927</a>
<a href="https://bugzilla.redhat.com/2088689">https://bugzilla.redhat.com/2088689</a>
<a href="https://bugzilla.redhat.com/2091682">https://bugzilla.redhat.com/2091682</a>
<a href="https://bugzilla.redhat.com/2091687">https://bugzilla.redhat.com/2091687</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1927</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-5942.html">https://errata.almalinux.org/9/ALSA-2022-5942.html</a>
<a href="https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010">https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010</a>
<a href="https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)">https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)</a>
<a href="https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777">https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777</a>
<a href="https://linux.oracle.com/cve/CVE-2022-1927.html">https://linux.oracle.com/cve/CVE-2022-1927.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-5942.html">https://linux.oracle.com/errata/ELSA-2022-5942.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZSLFIKFYU5Y2KM5EJKQNYHWRUBDQ4GJ/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMFHBC5OQXDPV2SDYA2JUQGVCPYASTJB/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TYNK6SDCMOLQJOI3B4AOE66P2G2IH4ZM/</a>
</td>
</tr>
<tr><th colspan="6">No Misconfigurations found</th></tr>
<tr class="group-header"><th colspan="6">python-pkg</th></tr>
<tr><th colspan="6">No Vulnerabilities found</th></tr>


@ -8,11 +8,166 @@
"fullName": "Trivy Vulnerability Scanner",
"informationUri": "https://github.com/aquasecurity/trivy",
"name": "Trivy",
"rules": [],
"rules": [
{
"id": "CVE-2022-1785",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-1785"
},
"fullDescription": {
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-1785",
"help": {
"text": "Vulnerability CVE-2022-1785\nSeverity: MEDIUM\nPackage: vim-minimal\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)\nOut-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",
"markdown": "**Vulnerability CVE-2022-1785**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|vim-minimal|2:8.0.1763-19.el8_6.4|[CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)|\n\nOut-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-1897",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-1897"
},
"fullDescription": {
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-1897",
"help": {
"text": "Vulnerability CVE-2022-1897\nSeverity: MEDIUM\nPackage: vim-minimal\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)\nOut-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"markdown": "**Vulnerability CVE-2022-1897**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|vim-minimal|2:8.0.1763-19.el8_6.4|[CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)|\n\nOut-of-bounds Write in GitHub repository vim/vim prior to 8.2."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-1927",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "CVE-2022-1927"
},
"fullDescription": {
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-1927",
"help": {
"text": "Vulnerability CVE-2022-1927\nSeverity: MEDIUM\nPackage: vim-minimal\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)\nBuffer Over-read in GitHub repository vim/vim prior to 8.2.",
"markdown": "**Vulnerability CVE-2022-1927**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|vim-minimal|2:8.0.1763-19.el8_6.4|[CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)|\n\nBuffer Over-read in GitHub repository vim/vim prior to 8.2."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
}
],
"version": "0.30.4"
}
},
"results": [],
"results": [
{
"ruleId": "CVE-2022-1785",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1897",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
},
{
"ruleId": "CVE-2022-1927",
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
}
}
]
}
],
"columnKind": "utf16CodeUnits",
"originalUriBaseIds": {
"ROOTPATH": {