deploy: 9faa504140
parent
778ee185e9
commit
a36f09b9e4
94
index.html
94
index.html
|
@ -51,7 +51,7 @@
|
|||
}
|
||||
a.toggle-more-links { cursor: pointer; }
|
||||
</style>
|
||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-29 13:14:10.374556942 +0000 UTC m=+1.546012454 </title>
|
||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-30 13:15:32.273291924 +0000 UTC m=+1.568723264 </title>
|
||||
<script>
|
||||
window.onload = function() {
|
||||
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
||||
|
@ -81,7 +81,7 @@
|
|||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-29 13:14:10.374608242 +0000 UTC m=+1.546063654</h1>
|
||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-08-30 13:15:32.273331124 +0000 UTC m=+1.568762564</h1>
|
||||
<table>
|
||||
<tr class="group-header"><th colspan="6">rocky</th></tr>
|
||||
<tr class="sub-header">
|
||||
|
@ -92,6 +92,96 @@
|
|||
<th>Fixed Version</th>
|
||||
<th>Links</th>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">curl</td>
|
||||
<td>CVE-2022-32206</td>
|
||||
<td class="severity">MEDIUM</td>
|
||||
<td class="pkg-version">7.61.1-22.el8_6.3</td>
|
||||
<td>7.61.1-22.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-32206">https://access.redhat.com/security/cve/CVE-2022-32206</a>
|
||||
<a href="https://curl.se/docs/CVE-2022-32206.html">https://curl.se/docs/CVE-2022-32206.html</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206</a>
|
||||
<a href="https://hackerone.com/reports/1570651">https://hackerone.com/reports/1570651</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-32206.html">https://linux.oracle.com/cve/CVE-2022-32206.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
|
||||
<a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32206">https://nvd.nist.gov/vuln/detail/CVE-2022-32206</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5495-1">https://ubuntu.com/security/notices/USN-5495-1</a>
|
||||
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">curl</td>
|
||||
<td>CVE-2022-32208</td>
|
||||
<td class="severity">MEDIUM</td>
|
||||
<td class="pkg-version">7.61.1-22.el8_6.3</td>
|
||||
<td>7.61.1-22.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-32208">https://access.redhat.com/security/cve/CVE-2022-32208</a>
|
||||
<a href="https://curl.se/docs/CVE-2022-32208.html">https://curl.se/docs/CVE-2022-32208.html</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208</a>
|
||||
<a href="https://hackerone.com/reports/1590071">https://hackerone.com/reports/1590071</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-32208.html">https://linux.oracle.com/cve/CVE-2022-32208.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
|
||||
<a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32208">https://nvd.nist.gov/vuln/detail/CVE-2022-32208</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5495-1">https://ubuntu.com/security/notices/USN-5495-1</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5499-1">https://ubuntu.com/security/notices/USN-5499-1</a>
|
||||
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">libcurl-minimal</td>
|
||||
<td>CVE-2022-32206</td>
|
||||
<td class="severity">MEDIUM</td>
|
||||
<td class="pkg-version">7.61.1-22.el8_6.3</td>
|
||||
<td>7.61.1-22.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-32206">https://access.redhat.com/security/cve/CVE-2022-32206</a>
|
||||
<a href="https://curl.se/docs/CVE-2022-32206.html">https://curl.se/docs/CVE-2022-32206.html</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32206</a>
|
||||
<a href="https://hackerone.com/reports/1570651">https://hackerone.com/reports/1570651</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-32206.html">https://linux.oracle.com/cve/CVE-2022-32206.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
|
||||
<a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32206">https://nvd.nist.gov/vuln/detail/CVE-2022-32206</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5495-1">https://ubuntu.com/security/notices/USN-5495-1</a>
|
||||
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">libcurl-minimal</td>
|
||||
<td>CVE-2022-32208</td>
|
||||
<td class="severity">MEDIUM</td>
|
||||
<td class="pkg-version">7.61.1-22.el8_6.3</td>
|
||||
<td>7.61.1-22.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json</a>
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-32208">https://access.redhat.com/security/cve/CVE-2022-32208</a>
|
||||
<a href="https://curl.se/docs/CVE-2022-32208.html">https://curl.se/docs/CVE-2022-32208.html</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32208</a>
|
||||
<a href="https://hackerone.com/reports/1590071">https://hackerone.com/reports/1590071</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-32208.html">https://linux.oracle.com/cve/CVE-2022-32208.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6159.html">https://linux.oracle.com/errata/ELSA-2022-6159.html</a>
|
||||
<a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32208">https://nvd.nist.gov/vuln/detail/CVE-2022-32208</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5495-1">https://ubuntu.com/security/notices/USN-5495-1</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5499-1">https://ubuntu.com/security/notices/USN-5499-1</a>
|
||||
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">vim-minimal</td>
|
||||
<td>CVE-2022-1785</td>
|
||||
|
|
|
@ -9,6 +9,60 @@
|
|||
"informationUri": "https://github.com/aquasecurity/trivy",
|
||||
"name": "Trivy",
|
||||
"rules": [
|
||||
{
|
||||
"id": "CVE-2022-32206",
|
||||
"name": "OsPackageVulnerability",
|
||||
"shortDescription": {
|
||||
"text": "CVE-2022-32206"
|
||||
},
|
||||
"fullDescription": {
|
||||
"text": "curl \u0026lt; 7.84.0 supports \u0026#34;chained\u0026#34; HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \u0026#34;links\u0026#34; in this \u0026#34;decompression chain\u0026#34; was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \u0026#34;malloc bomb\u0026#34;, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
|
||||
},
|
||||
"defaultConfiguration": {
|
||||
"level": "warning"
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-32206",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2022-32206\nSeverity: MEDIUM\nPackage: libcurl-minimal\nFixed Version: 7.61.1-22.el8_6.4\nLink: [CVE-2022-32206](https://avd.aquasec.com/nvd/cve-2022-32206)\ncurl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
|
||||
"markdown": "**Vulnerability CVE-2022-32206**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libcurl-minimal|7.61.1-22.el8_6.4|[CVE-2022-32206](https://avd.aquasec.com/nvd/cve-2022-32206)|\n\ncurl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
|
||||
},
|
||||
"properties": {
|
||||
"precision": "very-high",
|
||||
"security-severity": "5.5",
|
||||
"tags": [
|
||||
"vulnerability",
|
||||
"security",
|
||||
"MEDIUM"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "CVE-2022-32208",
|
||||
"name": "OsPackageVulnerability",
|
||||
"shortDescription": {
|
||||
"text": "CVE-2022-32208"
|
||||
},
|
||||
"fullDescription": {
|
||||
"text": "When curl \u0026lt; 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
|
||||
},
|
||||
"defaultConfiguration": {
|
||||
"level": "warning"
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-32208",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2022-32208\nSeverity: MEDIUM\nPackage: libcurl-minimal\nFixed Version: 7.61.1-22.el8_6.4\nLink: [CVE-2022-32208](https://avd.aquasec.com/nvd/cve-2022-32208)\nWhen curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
|
||||
"markdown": "**Vulnerability CVE-2022-32208**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libcurl-minimal|7.61.1-22.el8_6.4|[CVE-2022-32208](https://avd.aquasec.com/nvd/cve-2022-32208)|\n\nWhen curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client."
|
||||
},
|
||||
"properties": {
|
||||
"precision": "very-high",
|
||||
"security-severity": "5.5",
|
||||
"tags": [
|
||||
"vulnerability",
|
||||
"security",
|
||||
"MEDIUM"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "CVE-2022-1785",
|
||||
"name": "OsPackageVulnerability",
|
||||
|
@ -96,9 +150,105 @@
|
|||
},
|
||||
"results": [
|
||||
{
|
||||
"ruleId": "CVE-2022-1785",
|
||||
"ruleId": "CVE-2022-32206",
|
||||
"ruleIndex": 0,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: curl\nInstalled Version: 7.61.1-22.el8_6.3\nVulnerability CVE-2022-32206\nSeverity: MEDIUM\nFixed Version: 7.61.1-22.el8_6.4\nLink: [CVE-2022-32206](https://avd.aquasec.com/nvd/cve-2022-32206)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-32208",
|
||||
"ruleIndex": 1,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: curl\nInstalled Version: 7.61.1-22.el8_6.3\nVulnerability CVE-2022-32208\nSeverity: MEDIUM\nFixed Version: 7.61.1-22.el8_6.4\nLink: [CVE-2022-32208](https://avd.aquasec.com/nvd/cve-2022-32208)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-32206",
|
||||
"ruleIndex": 0,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: libcurl-minimal\nInstalled Version: 7.61.1-22.el8_6.3\nVulnerability CVE-2022-32206\nSeverity: MEDIUM\nFixed Version: 7.61.1-22.el8_6.4\nLink: [CVE-2022-32206](https://avd.aquasec.com/nvd/cve-2022-32206)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-32208",
|
||||
"ruleIndex": 1,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: libcurl-minimal\nInstalled Version: 7.61.1-22.el8_6.3\nVulnerability CVE-2022-32208\nSeverity: MEDIUM\nFixed Version: 7.61.1-22.el8_6.4\nLink: [CVE-2022-32208](https://avd.aquasec.com/nvd/cve-2022-32208)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1785",
|
||||
"ruleIndex": 2,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
|
||||
},
|
||||
|
@ -121,7 +271,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1897",
|
||||
"ruleIndex": 1,
|
||||
"ruleIndex": 3,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
|
||||
|
@ -145,7 +295,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1927",
|
||||
"ruleIndex": 2,
|
||||
"ruleIndex": 4,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
|
||||
|
|