mirror of
https://github.com/rocky-linux/sig-cloud-instance-images.git
synced 2024-10-31 18:31:23 +00:00
deploy: 4fcb0f39f5
parent
62abcf39af
commit
ad9e778fe0
112
index.html
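--- a/index.html
+++ b/index.html
@@ -51,7 +51,7 @@
 }
 a.toggle-more-links { cursor: pointer; }
 </style>
-<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-01 13:18:16.973209243 +0000 UTC m=+0.816929814 </title>
+<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-02 13:17:00.784547344 +0000 UTC m=+1.188358151 </title>
 <script>
 window.onload = function() {
 document.querySelectorAll('td.links').forEach(function(linkCell) {
@@ -81,7 +81,7 @@
 </script>
 </head>
 <body>
-<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-01 13:18:16.973239543 +0000 UTC m=+0.816960114</h1>
+<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-02 13:17:00.784572844 +0000 UTC m=+1.188383751</h1>
 <table>
 <tr class="group-header"><th colspan="6">rocky</th></tr>
 <tr class="sub-header">
@@ -214,6 +214,31 @@
 <a href="https://www.openwall.com/lists/oss-security/2022/06/30/1">https://www.openwall.com/lists/oss-security/2022/06/30/1</a>
 </td>
 </tr>
+<tr class="severity-HIGH">
+<td class="pkg-name">gnutls</td>
+<td>CVE-2022-2509</td>
+<td class="severity">HIGH</td>
+<td class="pkg-version">3.6.16-4.el8</td>
+<td>3.6.16-5.el8_6</td>
+<td class="links" data-more-links="off">
+<a href="https://access.redhat.com/errata/RHSA-2022:6854">https://access.redhat.com/errata/RHSA-2022:6854</a>
+<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json</a>
+<a href="https://access.redhat.com/security/cve/CVE-2022-2509">https://access.redhat.com/security/cve/CVE-2022-2509</a>
+<a href="https://bugzilla.redhat.com/2108977">https://bugzilla.redhat.com/2108977</a>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509</a>
+<a href="https://errata.almalinux.org/9/ALSA-2022-6854.html">https://errata.almalinux.org/9/ALSA-2022-6854.html</a>
+<a href="https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)">https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)</a>
+<a href="https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07">https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07</a>
+<a href="https://linux.oracle.com/cve/CVE-2022-2509.html">https://linux.oracle.com/cve/CVE-2022-2509.html</a>
+<a href="https://linux.oracle.com/errata/ELSA-2022-7105.html">https://linux.oracle.com/errata/ELSA-2022-7105.html</a>
+<a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html">https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html</a>
+<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/</a>
+<a href="https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html">https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html</a>
+<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2509">https://nvd.nist.gov/vuln/detail/CVE-2022-2509</a>
+<a href="https://ubuntu.com/security/notices/USN-5550-1">https://ubuntu.com/security/notices/USN-5550-1</a>
+<a href="https://www.debian.org/security/2022/dsa-5203">https://www.debian.org/security/2022/dsa-5203</a>
+</td>
+</tr>
 <tr class="severity-MEDIUM">
 <td class="pkg-name">libcurl-minimal</td>
 <td>CVE-2022-32206</td>
@@ -411,6 +436,49 @@
 <a href="https://ubuntu.com/security/notices/USN-5627-1">https://ubuntu.com/security/notices/USN-5627-1</a>
 </td>
 </tr>
+<tr class="severity-CRITICAL">
+<td class="pkg-name">sqlite-libs</td>
+<td>CVE-2020-35527</td>
+<td class="severity">CRITICAL</td>
+<td class="pkg-version">3.26.0-15.el8</td>
+<td>3.26.0-16.el8_6</td>
+<td class="links" data-more-links="off">
+<a href="https://access.redhat.com/errata/RHSA-2022:7108">https://access.redhat.com/errata/RHSA-2022:7108</a>
+<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json</a>
+<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json</a>
+<a href="https://access.redhat.com/security/cve/CVE-2020-35527">https://access.redhat.com/security/cve/CVE-2020-35527</a>
+<a href="https://bugzilla.redhat.com/2122324">https://bugzilla.redhat.com/2122324</a>
+<a href="https://bugzilla.redhat.com/2122329">https://bugzilla.redhat.com/2122329</a>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35527">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35527</a>
+<a href="https://errata.almalinux.org/8/ALSA-2022-7108.html">https://errata.almalinux.org/8/ALSA-2022-7108.html</a>
+<a href="https://linux.oracle.com/cve/CVE-2020-35527.html">https://linux.oracle.com/cve/CVE-2020-35527.html</a>
+<a href="https://linux.oracle.com/errata/ELSA-2022-7108.html">https://linux.oracle.com/errata/ELSA-2022-7108.html</a>
+<a href="https://ubuntu.com/security/notices/USN-5615-1">https://ubuntu.com/security/notices/USN-5615-1</a>
+<a href="https://www.sqlite.org/src/info/c431b3fd8fd0f6a6">https://www.sqlite.org/src/info/c431b3fd8fd0f6a6</a>
+</td>
+</tr>
+<tr class="severity-HIGH">
+<td class="pkg-name">sqlite-libs</td>
+<td>CVE-2020-35525</td>
+<td class="severity">HIGH</td>
+<td class="pkg-version">3.26.0-15.el8</td>
+<td>3.26.0-16.el8_6</td>
+<td class="links" data-more-links="off">
+<a href="https://access.redhat.com/errata/RHSA-2022:7108">https://access.redhat.com/errata/RHSA-2022:7108</a>
+<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json</a>
+<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json</a>
+<a href="https://access.redhat.com/security/cve/CVE-2020-35525">https://access.redhat.com/security/cve/CVE-2020-35525</a>
+<a href="https://bugzilla.redhat.com/2122324">https://bugzilla.redhat.com/2122324</a>
+<a href="https://bugzilla.redhat.com/2122329">https://bugzilla.redhat.com/2122329</a>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35525">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35525</a>
+<a href="https://errata.almalinux.org/8/ALSA-2022-7108.html">https://errata.almalinux.org/8/ALSA-2022-7108.html</a>
+<a href="https://linux.oracle.com/cve/CVE-2020-35525.html">https://linux.oracle.com/cve/CVE-2020-35525.html</a>
+<a href="https://linux.oracle.com/errata/ELSA-2022-7108.html">https://linux.oracle.com/errata/ELSA-2022-7108.html</a>
+<a href="https://ubuntu.com/security/notices/USN-5615-1">https://ubuntu.com/security/notices/USN-5615-1</a>
+<a href="https://ubuntu.com/security/notices/USN-5615-2">https://ubuntu.com/security/notices/USN-5615-2</a>
+<a href="https://www.sqlite.org/src/info/a67cf5b7d37d5b14">https://www.sqlite.org/src/info/a67cf5b7d37d5b14</a>
+</td>
+</tr>
 <tr class="severity-CRITICAL">
 <td class="pkg-name">systemd</td>
 <td>CVE-2022-2526</td>
@@ -558,6 +626,46 @@
 <a href="https://support.apple.com/kb/HT213488">https://support.apple.com/kb/HT213488</a>
 </td>
 </tr>
+<tr class="severity-CRITICAL">
+<td class="pkg-name">zlib</td>
+<td>CVE-2022-37434</td>
+<td class="severity">CRITICAL</td>
+<td class="pkg-version">1.2.11-18.el8_5</td>
+<td>1.2.11-19.el8_6</td>
+<td class="links" data-more-links="off">
+<a href="http://seclists.org/fulldisclosure/2022/Oct/41">http://seclists.org/fulldisclosure/2022/Oct/41</a>
+<a href="http://www.openwall.com/lists/oss-security/2022/08/05/2">http://www.openwall.com/lists/oss-security/2022/08/05/2</a>
+<a href="http://www.openwall.com/lists/oss-security/2022/08/09/1">http://www.openwall.com/lists/oss-security/2022/08/09/1</a>
+<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json</a>
+<a href="https://access.redhat.com/security/cve/CVE-2022-37434">https://access.redhat.com/security/cve/CVE-2022-37434</a>
+<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434</a>
+<a href="https://github.com/curl/curl/issues/9271">https://github.com/curl/curl/issues/9271</a>
+<a href="https://github.com/ivd38/zlib_overflow">https://github.com/ivd38/zlib_overflow</a>
+<a href="https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063">https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063</a>
+<a href="https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1">https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1</a>
+<a href="https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764">https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764</a>
+<a href="https://linux.oracle.com/cve/CVE-2022-37434.html">https://linux.oracle.com/cve/CVE-2022-37434.html</a>
+<a href="https://linux.oracle.com/errata/ELSA-2022-7106.html">https://linux.oracle.com/errata/ELSA-2022-7106.html</a>
+<a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html">https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html</a>
+<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/</a>
+<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/</a>
+<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/</a>
+<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/</a>
+<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/</a>
+<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434">https://nvd.nist.gov/vuln/detail/CVE-2022-37434</a>
+<a href="https://security.netapp.com/advisory/ntap-20220901-0005/">https://security.netapp.com/advisory/ntap-20220901-0005/</a>
+<a href="https://support.apple.com/kb/HT213488">https://support.apple.com/kb/HT213488</a>
+<a href="https://support.apple.com/kb/HT213489">https://support.apple.com/kb/HT213489</a>
+<a href="https://support.apple.com/kb/HT213490">https://support.apple.com/kb/HT213490</a>
+<a href="https://support.apple.com/kb/HT213491">https://support.apple.com/kb/HT213491</a>
+<a href="https://support.apple.com/kb/HT213493">https://support.apple.com/kb/HT213493</a>
+<a href="https://support.apple.com/kb/HT213494">https://support.apple.com/kb/HT213494</a>
+<a href="https://ubuntu.com/security/notices/USN-5570-1">https://ubuntu.com/security/notices/USN-5570-1</a>
+<a href="https://ubuntu.com/security/notices/USN-5570-2">https://ubuntu.com/security/notices/USN-5570-2</a>
+<a href="https://ubuntu.com/security/notices/USN-5573-1">https://ubuntu.com/security/notices/USN-5573-1</a>
+<a href="https://www.debian.org/security/2022/dsa-5218">https://www.debian.org/security/2022/dsa-5218</a>
+</td>
+</tr>
 <tr><th colspan="6">No Misconfigurations found</th></tr>
 </table>
 </body>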
|
@ -117,6 +117,33 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "CVE-2022-2509",
|
||||||
|
"name": "OsPackageVulnerability",
|
||||||
|
"shortDescription": {
|
||||||
|
"text": "gnutls: Double free during gnutls_pkcs7_verify"
|
||||||
|
},
|
||||||
|
"fullDescription": {
|
||||||
|
"text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."
|
||||||
|
},
|
||||||
|
"defaultConfiguration": {
|
||||||
|
"level": "error"
|
||||||
|
},
|
||||||
|
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-2509",
|
||||||
|
"help": {
|
||||||
|
"text": "Vulnerability CVE-2022-2509\nSeverity: HIGH\nPackage: gnutls\nFixed Version: 3.6.16-5.el8_6\nLink: [CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
|
||||||
|
"markdown": "**Vulnerability CVE-2022-2509**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|gnutls|3.6.16-5.el8_6|[CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)|\n\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."
|
||||||
|
},
|
||||||
|
"properties": {
|
||||||
|
"precision": "very-high",
|
||||||
|
"security-severity": "7.5",
|
||||||
|
"tags": [
|
||||||
|
"vulnerability",
|
||||||
|
"security",
|
||||||
|
"HIGH"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "CVE-2022-1292",
|
"id": "CVE-2022-1292",
|
||||||
"name": "OsPackageVulnerability",
|
"name": "OsPackageVulnerability",
|
||||||
@ -225,6 +252,60 @@
|
|||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"id": "CVE-2020-35527",
|
||||||
|
"name": "OsPackageVulnerability",
|
||||||
|
"shortDescription": {
|
||||||
|
"text": "sqlite: Out of bounds access during table rename"
|
||||||
|
},
|
||||||
|
"fullDescription": {
|
||||||
|
"text": "In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause."
|
||||||
|
},
|
||||||
|
"defaultConfiguration": {
|
||||||
|
"level": "error"
|
||||||
|
},
|
||||||
|
"helpUri": "https://avd.aquasec.com/nvd/cve-2020-35527",
|
||||||
|
"help": {
|
||||||
|
"text": "Vulnerability CVE-2020-35527\nSeverity: CRITICAL\nPackage: sqlite-libs\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.",
|
||||||
|
"markdown": "**Vulnerability CVE-2020-35527**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|sqlite-libs|3.26.0-16.el8_6|[CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)|\n\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause."
|
||||||
|
},
|
||||||
|
"properties": {
|
||||||
|
"precision": "very-high",
|
||||||
|
"security-severity": "9.8",
|
||||||
|
"tags": [
|
||||||
|
"vulnerability",
|
||||||
|
"security",
|
||||||
|
"CRITICAL"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "CVE-2020-35525",
|
||||||
|
"name": "OsPackageVulnerability",
|
||||||
|
"shortDescription": {
|
||||||
|
"text": "sqlite: Null pointer derreference in src/select.c"
|
||||||
|
},
|
||||||
|
"fullDescription": {
|
||||||
|
"text": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing."
|
||||||
|
},
|
||||||
|
"defaultConfiguration": {
|
||||||
|
"level": "error"
|
||||||
|
},
|
||||||
|
"helpUri": "https://avd.aquasec.com/nvd/cve-2020-35525",
|
||||||
|
"help": {
|
||||||
|
"text": "Vulnerability CVE-2020-35525\nSeverity: HIGH\nPackage: sqlite-libs\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.",
|
||||||
|
"markdown": "**Vulnerability CVE-2020-35525**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|sqlite-libs|3.26.0-16.el8_6|[CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)|\n\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing."
|
||||||
|
},
|
||||||
|
"properties": {
|
||||||
|
"precision": "very-high",
|
||||||
|
"security-severity": "7.5",
|
||||||
|
"tags": [
|
||||||
|
"vulnerability",
|
||||||
|
"security",
|
||||||
|
"HIGH"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"id": "CVE-2022-2526",
|
"id": "CVE-2022-2526",
|
||||||
"name": "OsPackageVulnerability",
|
"name": "OsPackageVulnerability",
|
||||||
@ -332,6 +413,33 @@
|
|||||||
"HIGH"
|
"HIGH"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"id": "CVE-2022-37434",
|
||||||
|
"name": "OsPackageVulnerability",
|
||||||
|
"shortDescription": {
|
||||||
|
"text": "zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field"
|
||||||
|
},
|
||||||
|
"fullDescription": {
|
||||||
|
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)."
|
||||||
|
},
|
||||||
|
"defaultConfiguration": {
|
||||||
|
"level": "error"
|
||||||
|
},
|
||||||
|
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-37434",
|
||||||
|
"help": {
|
||||||
|
"text": "Vulnerability CVE-2022-37434\nSeverity: CRITICAL\nPackage: zlib\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
|
||||||
|
"markdown": "**Vulnerability CVE-2022-37434**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|zlib|1.2.11-19.el8_6|[CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)|\n\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)."
|
||||||
|
},
|
||||||
|
"properties": {
|
||||||
|
"precision": "very-high",
|
||||||
|
"security-severity": "9.8",
|
||||||
|
"tags": [
|
||||||
|
"vulnerability",
|
||||||
|
"security",
|
||||||
|
"CRITICAL"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": "0.34.0"
|
"version": "0.34.0"
|
||||||
@ -446,6 +554,33 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"ruleId": "CVE-2022-2509",
|
||||||
|
"ruleIndex": 4,
|
||||||
|
"level": "error",
|
||||||
|
"message": {
|
||||||
|
"text": "Package: gnutls\nInstalled Version: 3.6.16-4.el8\nVulnerability CVE-2022-2509\nSeverity: HIGH\nFixed Version: 3.6.16-5.el8_6\nLink: [CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)"
|
||||||
|
},
|
||||||
|
"locations": [
|
||||||
|
{
|
||||||
|
"physicalLocation": {
|
||||||
|
"artifactLocation": {
|
||||||
|
"uri": "rockylinux/rockylinux",
|
||||||
|
"uriBaseId": "ROOTPATH"
|
||||||
|
},
|
||||||
|
"region": {
|
||||||
|
"startLine": 1,
|
||||||
|
"startColumn": 1,
|
||||||
|
"endLine": 1,
|
||||||
|
"endColumn": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
"text": "rockylinux/rockylinux: gnutls@3.6.16-4.el8"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-32206",
|
"ruleId": "CVE-2022-32206",
|
||||||
"ruleIndex": 0,
|
"ruleIndex": 0,
|
||||||
@ -502,7 +637,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-1292",
|
"ruleId": "CVE-2022-1292",
|
||||||
"ruleIndex": 4,
|
"ruleIndex": 5,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
|
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
|
||||||
@ -529,7 +664,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-2068",
|
"ruleId": "CVE-2022-2068",
|
||||||
"ruleIndex": 5,
|
"ruleIndex": 6,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
|
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
|
||||||
@ -556,7 +691,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-2097",
|
"ruleId": "CVE-2022-2097",
|
||||||
"ruleIndex": 6,
|
"ruleIndex": 7,
|
||||||
"level": "warning",
|
"level": "warning",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
|
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
|
||||||
@ -583,7 +718,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-1586",
|
"ruleId": "CVE-2022-1586",
|
||||||
"ruleIndex": 7,
|
"ruleIndex": 8,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
|
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
|
||||||
@ -608,9 +743,63 @@
|
|||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"ruleId": "CVE-2020-35527",
|
||||||
|
"ruleIndex": 9,
|
||||||
|
"level": "error",
|
||||||
|
"message": {
|
||||||
|
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35527\nSeverity: CRITICAL\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)"
|
||||||
|
},
|
||||||
|
"locations": [
|
||||||
|
{
|
||||||
|
"physicalLocation": {
|
||||||
|
"artifactLocation": {
|
||||||
|
"uri": "rockylinux/rockylinux",
|
||||||
|
"uriBaseId": "ROOTPATH"
|
||||||
|
},
|
||||||
|
"region": {
|
||||||
|
"startLine": 1,
|
||||||
|
"startColumn": 1,
|
||||||
|
"endLine": 1,
|
||||||
|
"endColumn": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
"text": "rockylinux/rockylinux: sqlite-libs@3.26.0-15.el8"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ruleId": "CVE-2020-35525",
|
||||||
|
"ruleIndex": 10,
|
||||||
|
"level": "error",
|
||||||
|
"message": {
|
||||||
|
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35525\nSeverity: HIGH\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)"
|
||||||
|
},
|
||||||
|
"locations": [
|
||||||
|
{
|
||||||
|
"physicalLocation": {
|
||||||
|
"artifactLocation": {
|
||||||
|
"uri": "rockylinux/rockylinux",
|
||||||
|
"uriBaseId": "ROOTPATH"
|
||||||
|
},
|
||||||
|
"region": {
|
||||||
|
"startLine": 1,
|
||||||
|
"startColumn": 1,
|
||||||
|
"endLine": 1,
|
||||||
|
"endColumn": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
"text": "rockylinux/rockylinux: sqlite-libs@3.26.0-15.el8"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-2526",
|
"ruleId": "CVE-2022-2526",
|
||||||
"ruleIndex": 8,
|
"ruleIndex": 11,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||||
@ -637,7 +826,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-2526",
|
"ruleId": "CVE-2022-2526",
|
||||||
"ruleIndex": 8,
|
"ruleIndex": 11,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||||
@ -664,7 +853,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-2526",
|
"ruleId": "CVE-2022-2526",
|
||||||
"ruleIndex": 8,
|
"ruleIndex": 11,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||||
@ -691,7 +880,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-1785",
|
"ruleId": "CVE-2022-1785",
|
||||||
"ruleIndex": 9,
|
"ruleIndex": 12,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
|
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
|
||||||
@ -718,7 +907,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-1897",
|
"ruleId": "CVE-2022-1897",
|
||||||
"ruleIndex": 10,
|
"ruleIndex": 13,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
|
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
|
||||||
@ -745,7 +934,7 @@
|
|||||||
},
|
},
|
||||||
{
|
{
|
||||||
"ruleId": "CVE-2022-1927",
|
"ruleId": "CVE-2022-1927",
|
||||||
"ruleIndex": 11,
|
"ruleIndex": 14,
|
||||||
"level": "error",
|
"level": "error",
|
||||||
"message": {
|
"message": {
|
||||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
|
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
|
||||||
@ -769,6 +958,33 @@
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"ruleId": "CVE-2022-37434",
|
||||||
|
"ruleIndex": 15,
|
||||||
|
"level": "error",
|
||||||
|
"message": {
|
||||||
|
"text": "Package: zlib\nInstalled Version: 1.2.11-18.el8_5\nVulnerability CVE-2022-37434\nSeverity: CRITICAL\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)"
|
||||||
|
},
|
||||||
|
"locations": [
|
||||||
|
{
|
||||||
|
"physicalLocation": {
|
||||||
|
"artifactLocation": {
|
||||||
|
"uri": "rockylinux/rockylinux",
|
||||||
|
"uriBaseId": "ROOTPATH"
|
||||||
|
},
|
||||||
|
"region": {
|
||||||
|
"startLine": 1,
|
||||||
|
"startColumn": 1,
|
||||||
|
"endLine": 1,
|
||||||
|
"endColumn": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"message": {
|
||||||
|
"text": "rockylinux/rockylinux: zlib@1.2.11-18.el8_5"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"columnKind": "utf16CodeUnits",
|
"columnKind": "utf16CodeUnits",
|
||||||
|