diff --git a/index.html b/index.html index cd23f81..0e1a491 100644 --- a/index.html +++ b/index.html @@ -51,7 +51,7 @@ } a.toggle-more-links { cursor: pointer; } - docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-01 13:18:16.973209243 +0000 UTC m=+0.816929814 + docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-02 13:17:00.784547344 +0000 UTC m=+1.188358151 -

docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-01 13:18:16.973239543 +0000 UTC m=+0.816960114

+

docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-02 13:17:00.784572844 +0000 UTC m=+1.188383751

@@ -214,6 +214,31 @@ https://www.openwall.com/lists/oss-security/2022/06/30/1 + + + + + + + + @@ -411,6 +436,49 @@ https://ubuntu.com/security/notices/USN-5627-1 + + + + + + + + + + + + + + + + @@ -558,6 +626,46 @@ https://support.apple.com/kb/HT213488 + + + + + + + +
rocky
gnutlsCVE-2022-2509HIGH3.6.16-4.el83.6.16-5.el8_6 + https://access.redhat.com/errata/RHSA-2022:6854 + https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json + https://access.redhat.com/security/cve/CVE-2022-2509 + https://bugzilla.redhat.com/2108977 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509 + https://errata.almalinux.org/9/ALSA-2022-6854.html + https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07) + https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07 + https://linux.oracle.com/cve/CVE-2022-2509.html + https://linux.oracle.com/errata/ELSA-2022-7105.html + https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/ + https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html + https://nvd.nist.gov/vuln/detail/CVE-2022-2509 + https://ubuntu.com/security/notices/USN-5550-1 + https://www.debian.org/security/2022/dsa-5203 +
libcurl-minimal CVE-2022-32206
sqlite-libsCVE-2020-35527CRITICAL3.26.0-15.el83.26.0-16.el8_6 + https://access.redhat.com/errata/RHSA-2022:7108 + https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json + https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json + https://access.redhat.com/security/cve/CVE-2020-35527 + https://bugzilla.redhat.com/2122324 + https://bugzilla.redhat.com/2122329 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35527 + https://errata.almalinux.org/8/ALSA-2022-7108.html + https://linux.oracle.com/cve/CVE-2020-35527.html + https://linux.oracle.com/errata/ELSA-2022-7108.html + https://ubuntu.com/security/notices/USN-5615-1 + https://www.sqlite.org/src/info/c431b3fd8fd0f6a6 +
sqlite-libsCVE-2020-35525HIGH3.26.0-15.el83.26.0-16.el8_6 + https://access.redhat.com/errata/RHSA-2022:7108 + https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json + https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json + https://access.redhat.com/security/cve/CVE-2020-35525 + https://bugzilla.redhat.com/2122324 + https://bugzilla.redhat.com/2122329 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35525 + https://errata.almalinux.org/8/ALSA-2022-7108.html + https://linux.oracle.com/cve/CVE-2020-35525.html + https://linux.oracle.com/errata/ELSA-2022-7108.html + https://ubuntu.com/security/notices/USN-5615-1 + https://ubuntu.com/security/notices/USN-5615-2 + https://www.sqlite.org/src/info/a67cf5b7d37d5b14 +
systemd CVE-2022-2526
zlibCVE-2022-37434CRITICAL1.2.11-18.el8_51.2.11-19.el8_6 + http://seclists.org/fulldisclosure/2022/Oct/41 + http://www.openwall.com/lists/oss-security/2022/08/05/2 + http://www.openwall.com/lists/oss-security/2022/08/09/1 + https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json + https://access.redhat.com/security/cve/CVE-2022-37434 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434 + https://github.com/curl/curl/issues/9271 + https://github.com/ivd38/zlib_overflow + https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063 + https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 + https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764 + https://linux.oracle.com/cve/CVE-2022-37434.html + https://linux.oracle.com/errata/ELSA-2022-7106.html + https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/ + https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/ + https://nvd.nist.gov/vuln/detail/CVE-2022-37434 + https://security.netapp.com/advisory/ntap-20220901-0005/ + https://support.apple.com/kb/HT213488 + https://support.apple.com/kb/HT213489 + https://support.apple.com/kb/HT213490 + https://support.apple.com/kb/HT213491 + https://support.apple.com/kb/HT213493 + https://support.apple.com/kb/HT213494 + https://ubuntu.com/security/notices/USN-5570-1 + https://ubuntu.com/security/notices/USN-5570-2 + https://ubuntu.com/security/notices/USN-5573-1 + https://www.debian.org/security/2022/dsa-5218 +
No Misconfigurations found
diff --git a/trivy-results.sarif b/trivy-results.sarif index 9a2eb73..6b8d064 100644 --- a/trivy-results.sarif +++ b/trivy-results.sarif @@ -117,6 +117,33 @@ ] } }, + { + "id": "CVE-2022-2509", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "gnutls: Double free during gnutls_pkcs7_verify" + }, + "fullDescription": { + "text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://avd.aquasec.com/nvd/cve-2022-2509", + "help": { + "text": "Vulnerability CVE-2022-2509\nSeverity: HIGH\nPackage: gnutls\nFixed Version: 3.6.16-5.el8_6\nLink: [CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.", + "markdown": "**Vulnerability CVE-2022-2509**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|gnutls|3.6.16-5.el8_6|[CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)|\n\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function." + }, + "properties": { + "precision": "very-high", + "security-severity": "7.5", + "tags": [ + "vulnerability", + "security", + "HIGH" + ] + } + }, { "id": "CVE-2022-1292", "name": "OsPackageVulnerability", @@ -225,6 +252,60 @@ ] } }, + { + "id": "CVE-2020-35527", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "sqlite: Out of bounds access during table rename" + }, + "fullDescription": { + "text": "In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://avd.aquasec.com/nvd/cve-2020-35527", + "help": { + "text": "Vulnerability CVE-2020-35527\nSeverity: CRITICAL\nPackage: sqlite-libs\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.", + "markdown": "**Vulnerability CVE-2020-35527**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|sqlite-libs|3.26.0-16.el8_6|[CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)|\n\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause." + }, + "properties": { + "precision": "very-high", + "security-severity": "9.8", + "tags": [ + "vulnerability", + "security", + "CRITICAL" + ] + } + }, + { + "id": "CVE-2020-35525", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "sqlite: Null pointer derreference in src/select.c" + }, + "fullDescription": { + "text": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://avd.aquasec.com/nvd/cve-2020-35525", + "help": { + "text": "Vulnerability CVE-2020-35525\nSeverity: HIGH\nPackage: sqlite-libs\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.", + "markdown": "**Vulnerability CVE-2020-35525**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|sqlite-libs|3.26.0-16.el8_6|[CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)|\n\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing." + }, + "properties": { + "precision": "very-high", + "security-severity": "7.5", + "tags": [ + "vulnerability", + "security", + "HIGH" + ] + } + }, { "id": "CVE-2022-2526", "name": "OsPackageVulnerability", @@ -332,6 +413,33 @@ "HIGH" ] } + }, + { + "id": "CVE-2022-37434", + "name": "OsPackageVulnerability", + "shortDescription": { + "text": "zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field" + }, + "fullDescription": { + "text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)." + }, + "defaultConfiguration": { + "level": "error" + }, + "helpUri": "https://avd.aquasec.com/nvd/cve-2022-37434", + "help": { + "text": "Vulnerability CVE-2022-37434\nSeverity: CRITICAL\nPackage: zlib\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).", + "markdown": "**Vulnerability CVE-2022-37434**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|zlib|1.2.11-19.el8_6|[CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)|\n\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)." + }, + "properties": { + "precision": "very-high", + "security-severity": "9.8", + "tags": [ + "vulnerability", + "security", + "CRITICAL" + ] + } } ], "version": "0.34.0" @@ -446,6 +554,33 @@ } ] }, + { + "ruleId": "CVE-2022-2509", + "ruleIndex": 4, + "level": "error", + "message": { + "text": "Package: gnutls\nInstalled Version: 3.6.16-4.el8\nVulnerability CVE-2022-2509\nSeverity: HIGH\nFixed Version: 3.6.16-5.el8_6\nLink: [CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rockylinux/rockylinux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "rockylinux/rockylinux: gnutls@3.6.16-4.el8" + } + } + ] + }, { "ruleId": "CVE-2022-32206", "ruleIndex": 0, @@ -502,7 +637,7 @@ }, { "ruleId": "CVE-2022-1292", - "ruleIndex": 4, + "ruleIndex": 5, "level": "error", "message": { "text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)" @@ -529,7 +664,7 @@ }, { "ruleId": "CVE-2022-2068", - "ruleIndex": 5, + "ruleIndex": 6, "level": "error", "message": { "text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)" @@ -556,7 +691,7 @@ }, { "ruleId": "CVE-2022-2097", - "ruleIndex": 6, + "ruleIndex": 7, "level": "warning", "message": { "text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)" @@ -583,7 +718,7 @@ }, { "ruleId": "CVE-2022-1586", - "ruleIndex": 7, + "ruleIndex": 8, "level": "error", "message": { "text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)" @@ -608,9 +743,63 @@ } ] }, + { + "ruleId": "CVE-2020-35527", + "ruleIndex": 9, + "level": "error", + "message": { + "text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35527\nSeverity: CRITICAL\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rockylinux/rockylinux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "rockylinux/rockylinux: sqlite-libs@3.26.0-15.el8" + } + } + ] + }, + { + "ruleId": "CVE-2020-35525", + "ruleIndex": 10, + "level": "error", + "message": { + "text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35525\nSeverity: HIGH\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rockylinux/rockylinux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "rockylinux/rockylinux: sqlite-libs@3.26.0-15.el8" + } + } + ] + }, { "ruleId": "CVE-2022-2526", - "ruleIndex": 8, + "ruleIndex": 11, "level": "error", "message": { "text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)" @@ -637,7 +826,7 @@ }, { "ruleId": "CVE-2022-2526", - "ruleIndex": 8, + "ruleIndex": 11, "level": "error", "message": { "text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)" @@ -664,7 +853,7 @@ }, { "ruleId": "CVE-2022-2526", - "ruleIndex": 8, + "ruleIndex": 11, "level": "error", "message": { "text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)" @@ -691,7 +880,7 @@ }, { "ruleId": "CVE-2022-1785", - "ruleIndex": 9, + "ruleIndex": 12, "level": "error", "message": { "text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)" @@ -718,7 +907,7 @@ }, { "ruleId": "CVE-2022-1897", - "ruleIndex": 10, + "ruleIndex": 13, "level": "error", "message": { "text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)" @@ -745,7 +934,7 @@ }, { "ruleId": "CVE-2022-1927", - "ruleIndex": 11, + "ruleIndex": 14, "level": "error", "message": { "text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)" @@ -769,6 +958,33 @@ } } ] + }, + { + "ruleId": "CVE-2022-37434", + "ruleIndex": 15, + "level": "error", + "message": { + "text": "Package: zlib\nInstalled Version: 1.2.11-18.el8_5\nVulnerability CVE-2022-37434\nSeverity: CRITICAL\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)" + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "rockylinux/rockylinux", + "uriBaseId": "ROOTPATH" + }, + "region": { + "startLine": 1, + "startColumn": 1, + "endLine": 1, + "endColumn": 1 + } + }, + "message": { + "text": "rockylinux/rockylinux: zlib@1.2.11-18.el8_5" + } + } + ] } ], "columnKind": "utf16CodeUnits",