NeilHanlon 2022-11-02 13:17:01 +00:00
parent 62abcf39af
commit ad9e778fe0
2 changed files with 336 additions and 12 deletions


@ -51,7 +51,7 @@
} }
a.toggle-more-links { cursor: pointer; } a.toggle-more-links { cursor: pointer; }
</style> </style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-01 13:18:16.973209243 +0000 UTC m=+0.816929814 </title> <title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-02 13:17:00.784547344 +0000 UTC m=+1.188358151 </title>
<script> <script>
window.onload = function() { window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) { document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script> </script>
</head> </head>
<body> <body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-01 13:18:16.973239543 +0000 UTC m=+0.816960114</h1> <h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-11-02 13:17:00.784572844 +0000 UTC m=+1.188383751</h1>
<table> <table>
<tr class="group-header"><th colspan="6">rocky</th></tr> <tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header"> <tr class="sub-header">
@ -214,6 +214,31 @@
<a href="https://www.openwall.com/lists/oss-security/2022/06/30/1">https://www.openwall.com/lists/oss-security/2022/06/30/1</a> <a href="https://www.openwall.com/lists/oss-security/2022/06/30/1">https://www.openwall.com/lists/oss-security/2022/06/30/1</a>
</td> </td>
</tr> </tr>
<tr class="severity-HIGH">
<td class="pkg-name">gnutls</td>
<td>CVE-2022-2509</td>
<td class="severity">HIGH</td>
<td class="pkg-version">3.6.16-4.el8</td>
<td>3.6.16-5.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:6854">https://access.redhat.com/errata/RHSA-2022:6854</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2509.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-2509">https://access.redhat.com/security/cve/CVE-2022-2509</a>
<a href="https://bugzilla.redhat.com/2108977">https://bugzilla.redhat.com/2108977</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2509</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-6854.html">https://errata.almalinux.org/9/ALSA-2022-6854.html</a>
<a href="https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)">https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)</a>
<a href="https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07">https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07</a>
<a href="https://linux.oracle.com/cve/CVE-2022-2509.html">https://linux.oracle.com/cve/CVE-2022-2509.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-7105.html">https://linux.oracle.com/errata/ELSA-2022-7105.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html">https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6FL27JS3VM74YEQU7PGB62USO3KSBYZX/</a>
<a href="https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html">https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-2509">https://nvd.nist.gov/vuln/detail/CVE-2022-2509</a>
<a href="https://ubuntu.com/security/notices/USN-5550-1">https://ubuntu.com/security/notices/USN-5550-1</a>
<a href="https://www.debian.org/security/2022/dsa-5203">https://www.debian.org/security/2022/dsa-5203</a>
</td>
</tr>
<tr class="severity-MEDIUM"> <tr class="severity-MEDIUM">
<td class="pkg-name">libcurl-minimal</td> <td class="pkg-name">libcurl-minimal</td>
<td>CVE-2022-32206</td> <td>CVE-2022-32206</td>
@ -411,6 +436,49 @@
<a href="https://ubuntu.com/security/notices/USN-5627-1">https://ubuntu.com/security/notices/USN-5627-1</a> <a href="https://ubuntu.com/security/notices/USN-5627-1">https://ubuntu.com/security/notices/USN-5627-1</a>
</td> </td>
</tr> </tr>
<tr class="severity-CRITICAL">
<td class="pkg-name">sqlite-libs</td>
<td>CVE-2020-35527</td>
<td class="severity">CRITICAL</td>
<td class="pkg-version">3.26.0-15.el8</td>
<td>3.26.0-16.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:7108">https://access.redhat.com/errata/RHSA-2022:7108</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2020-35527">https://access.redhat.com/security/cve/CVE-2020-35527</a>
<a href="https://bugzilla.redhat.com/2122324">https://bugzilla.redhat.com/2122324</a>
<a href="https://bugzilla.redhat.com/2122329">https://bugzilla.redhat.com/2122329</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35527">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35527</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-7108.html">https://errata.almalinux.org/8/ALSA-2022-7108.html</a>
<a href="https://linux.oracle.com/cve/CVE-2020-35527.html">https://linux.oracle.com/cve/CVE-2020-35527.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-7108.html">https://linux.oracle.com/errata/ELSA-2022-7108.html</a>
<a href="https://ubuntu.com/security/notices/USN-5615-1">https://ubuntu.com/security/notices/USN-5615-1</a>
<a href="https://www.sqlite.org/src/info/c431b3fd8fd0f6a6">https://www.sqlite.org/src/info/c431b3fd8fd0f6a6</a>
</td>
</tr>
<tr class="severity-HIGH">
<td class="pkg-name">sqlite-libs</td>
<td>CVE-2020-35525</td>
<td class="severity">HIGH</td>
<td class="pkg-version">3.26.0-15.el8</td>
<td>3.26.0-16.el8_6</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2022:7108">https://access.redhat.com/errata/RHSA-2022:7108</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35525.json</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35527.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2020-35525">https://access.redhat.com/security/cve/CVE-2020-35525</a>
<a href="https://bugzilla.redhat.com/2122324">https://bugzilla.redhat.com/2122324</a>
<a href="https://bugzilla.redhat.com/2122329">https://bugzilla.redhat.com/2122329</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35525">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35525</a>
<a href="https://errata.almalinux.org/8/ALSA-2022-7108.html">https://errata.almalinux.org/8/ALSA-2022-7108.html</a>
<a href="https://linux.oracle.com/cve/CVE-2020-35525.html">https://linux.oracle.com/cve/CVE-2020-35525.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-7108.html">https://linux.oracle.com/errata/ELSA-2022-7108.html</a>
<a href="https://ubuntu.com/security/notices/USN-5615-1">https://ubuntu.com/security/notices/USN-5615-1</a>
<a href="https://ubuntu.com/security/notices/USN-5615-2">https://ubuntu.com/security/notices/USN-5615-2</a>
<a href="https://www.sqlite.org/src/info/a67cf5b7d37d5b14">https://www.sqlite.org/src/info/a67cf5b7d37d5b14</a>
</td>
</tr>
<tr class="severity-CRITICAL"> <tr class="severity-CRITICAL">
<td class="pkg-name">systemd</td> <td class="pkg-name">systemd</td>
<td>CVE-2022-2526</td> <td>CVE-2022-2526</td>
@ -558,6 +626,46 @@
<a href="https://support.apple.com/kb/HT213488">https://support.apple.com/kb/HT213488</a> <a href="https://support.apple.com/kb/HT213488">https://support.apple.com/kb/HT213488</a>
</td> </td>
</tr> </tr>
<tr class="severity-CRITICAL">
<td class="pkg-name">zlib</td>
<td>CVE-2022-37434</td>
<td class="severity">CRITICAL</td>
<td class="pkg-version">1.2.11-18.el8_5</td>
<td>1.2.11-19.el8_6</td>
<td class="links" data-more-links="off">
<a href="http://seclists.org/fulldisclosure/2022/Oct/41">http://seclists.org/fulldisclosure/2022/Oct/41</a>
<a href="http://www.openwall.com/lists/oss-security/2022/08/05/2">http://www.openwall.com/lists/oss-security/2022/08/05/2</a>
<a href="http://www.openwall.com/lists/oss-security/2022/08/09/1">http://www.openwall.com/lists/oss-security/2022/08/09/1</a>
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37434.json</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-37434">https://access.redhat.com/security/cve/CVE-2022-37434</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434</a>
<a href="https://github.com/curl/curl/issues/9271">https://github.com/curl/curl/issues/9271</a>
<a href="https://github.com/ivd38/zlib_overflow">https://github.com/ivd38/zlib_overflow</a>
<a href="https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063">https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063</a>
<a href="https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1">https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1</a>
<a href="https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764">https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764</a>
<a href="https://linux.oracle.com/cve/CVE-2022-37434.html">https://linux.oracle.com/cve/CVE-2022-37434.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2022-7106.html">https://linux.oracle.com/errata/ELSA-2022-7106.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html">https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JWN4VE3JQR4O2SOUS5TXNLANRPMHWV4I/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMBOJ77A7T7PQCARMDUK75TE6LLESZ3O/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PAVPQNCG3XRLCLNSQRM3KAN5ZFMVXVTY/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5U7OTKZSHY2I3ZFJSR2SHFHW72RKGDK/</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRQAI7H4M4RQZ2IWZUEEXECBE5D56BH2/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-37434">https://nvd.nist.gov/vuln/detail/CVE-2022-37434</a>
<a href="https://security.netapp.com/advisory/ntap-20220901-0005/">https://security.netapp.com/advisory/ntap-20220901-0005/</a>
<a href="https://support.apple.com/kb/HT213488">https://support.apple.com/kb/HT213488</a>
<a href="https://support.apple.com/kb/HT213489">https://support.apple.com/kb/HT213489</a>
<a href="https://support.apple.com/kb/HT213490">https://support.apple.com/kb/HT213490</a>
<a href="https://support.apple.com/kb/HT213491">https://support.apple.com/kb/HT213491</a>
<a href="https://support.apple.com/kb/HT213493">https://support.apple.com/kb/HT213493</a>
<a href="https://support.apple.com/kb/HT213494">https://support.apple.com/kb/HT213494</a>
<a href="https://ubuntu.com/security/notices/USN-5570-1">https://ubuntu.com/security/notices/USN-5570-1</a>
<a href="https://ubuntu.com/security/notices/USN-5570-2">https://ubuntu.com/security/notices/USN-5570-2</a>
<a href="https://ubuntu.com/security/notices/USN-5573-1">https://ubuntu.com/security/notices/USN-5573-1</a>
<a href="https://www.debian.org/security/2022/dsa-5218">https://www.debian.org/security/2022/dsa-5218</a>
</td>
</tr>
<tr><th colspan="6">No Misconfigurations found</th></tr> <tr><th colspan="6">No Misconfigurations found</th></tr>
</table> </table>
</body> </body>
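Review bot: In the added gnutls row, one reference is emitted as `href="https://gnutls.org/security-new.html (GNUTLS-SA-2022-07-07)"`, which contains a space and a parenthetical and is not a valid URL; the next entry, ending in `#GNUTLS-SA-2022-07-07`, is the working form. That suggests the report template copies reference strings from the vulnerability feed into `href` without checking them, so the fix would belong in the template rather than in this generated file: skip or encode any reference that does not parse as an `http`/`https` URL. The same section's `<title>` and `<h1>` also print a raw timestamp with a monotonic-clock suffix (`m=+1.188358151`), so each regeneration produces a diff in those lines even when no finding changes.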


@ -117,6 +117,33 @@
] ]
} }
}, },
{
"id": "CVE-2022-2509",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "gnutls: Double free during gnutls_pkcs7_verify"
},
"fullDescription": {
"text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-2509",
"help": {
"text": "Vulnerability CVE-2022-2509\nSeverity: HIGH\nPackage: gnutls\nFixed Version: 3.6.16-5.el8_6\nLink: [CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
"markdown": "**Vulnerability CVE-2022-2509**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|gnutls|3.6.16-5.el8_6|[CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)|\n\nA vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function."
},
"properties": {
"precision": "very-high",
"security-severity": "7.5",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{ {
"id": "CVE-2022-1292", "id": "CVE-2022-1292",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
@ -225,6 +252,60 @@
] ]
} }
}, },
{
"id": "CVE-2020-35527",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "sqlite: Out of bounds access during table rename"
},
"fullDescription": {
"text": "In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2020-35527",
"help": {
"text": "Vulnerability CVE-2020-35527\nSeverity: CRITICAL\nPackage: sqlite-libs\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.",
"markdown": "**Vulnerability CVE-2020-35527**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|sqlite-libs|3.26.0-16.el8_6|[CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)|\n\nIn SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause."
},
"properties": {
"precision": "very-high",
"security-severity": "9.8",
"tags": [
"vulnerability",
"security",
"CRITICAL"
]
}
},
{
"id": "CVE-2020-35525",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "sqlite: Null pointer derreference in src/select.c"
},
"fullDescription": {
"text": "In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2020-35525",
"help": {
"text": "Vulnerability CVE-2020-35525\nSeverity: HIGH\nPackage: sqlite-libs\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.",
"markdown": "**Vulnerability CVE-2020-35525**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|sqlite-libs|3.26.0-16.el8_6|[CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)|\n\nIn SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing."
},
"properties": {
"precision": "very-high",
"security-severity": "7.5",
"tags": [
"vulnerability",
"security",
"HIGH"
]
}
},
{ {
"id": "CVE-2022-2526", "id": "CVE-2022-2526",
"name": "OsPackageVulnerability", "name": "OsPackageVulnerability",
@ -332,6 +413,33 @@
"HIGH" "HIGH"
] ]
} }
},
{
"id": "CVE-2022-37434",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "zlib: heap-based buffer over-read and overflow in inflate() in inflate.c via a large gzip header extra field"
},
"fullDescription": {
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)."
},
"defaultConfiguration": {
"level": "error"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-37434",
"help": {
"text": "Vulnerability CVE-2022-37434\nSeverity: CRITICAL\nPackage: zlib\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
"markdown": "**Vulnerability CVE-2022-37434**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|CRITICAL|zlib|1.2.11-19.el8_6|[CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)|\n\nzlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference)."
},
"properties": {
"precision": "very-high",
"security-severity": "9.8",
"tags": [
"vulnerability",
"security",
"CRITICAL"
]
}
} }
], ],
"version": "0.34.0" "version": "0.34.0"
@ -446,6 +554,33 @@
} }
] ]
}, },
{
"ruleId": "CVE-2022-2509",
"ruleIndex": 4,
"level": "error",
"message": {
"text": "Package: gnutls\nInstalled Version: 3.6.16-4.el8\nVulnerability CVE-2022-2509\nSeverity: HIGH\nFixed Version: 3.6.16-5.el8_6\nLink: [CVE-2022-2509](https://avd.aquasec.com/nvd/cve-2022-2509)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: gnutls@3.6.16-4.el8"
}
}
]
},
{ {
"ruleId": "CVE-2022-32206", "ruleId": "CVE-2022-32206",
"ruleIndex": 0, "ruleIndex": 0,
@ -502,7 +637,7 @@
}, },
{ {
"ruleId": "CVE-2022-1292", "ruleId": "CVE-2022-1292",
"ruleIndex": 4, "ruleIndex": 5,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)" "text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
@ -529,7 +664,7 @@
}, },
{ {
"ruleId": "CVE-2022-2068", "ruleId": "CVE-2022-2068",
"ruleIndex": 5, "ruleIndex": 6,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)" "text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
@ -556,7 +691,7 @@
}, },
{ {
"ruleId": "CVE-2022-2097", "ruleId": "CVE-2022-2097",
"ruleIndex": 6, "ruleIndex": 7,
"level": "warning", "level": "warning",
"message": { "message": {
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)" "text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
@ -583,7 +718,7 @@
}, },
{ {
"ruleId": "CVE-2022-1586", "ruleId": "CVE-2022-1586",
"ruleIndex": 7, "ruleIndex": 8,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)" "text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
@ -608,9 +743,63 @@
} }
] ]
}, },
{
"ruleId": "CVE-2020-35527",
"ruleIndex": 9,
"level": "error",
"message": {
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35527\nSeverity: CRITICAL\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35527](https://avd.aquasec.com/nvd/cve-2020-35527)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: sqlite-libs@3.26.0-15.el8"
}
}
]
},
{
"ruleId": "CVE-2020-35525",
"ruleIndex": 10,
"level": "error",
"message": {
"text": "Package: sqlite-libs\nInstalled Version: 3.26.0-15.el8\nVulnerability CVE-2020-35525\nSeverity: HIGH\nFixed Version: 3.26.0-16.el8_6\nLink: [CVE-2020-35525](https://avd.aquasec.com/nvd/cve-2020-35525)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: sqlite-libs@3.26.0-15.el8"
}
}
]
},
{ {
"ruleId": "CVE-2022-2526", "ruleId": "CVE-2022-2526",
"ruleIndex": 8, "ruleIndex": 11,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)" "text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -637,7 +826,7 @@
}, },
{ {
"ruleId": "CVE-2022-2526", "ruleId": "CVE-2022-2526",
"ruleIndex": 8, "ruleIndex": 11,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)" "text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -664,7 +853,7 @@
}, },
{ {
"ruleId": "CVE-2022-2526", "ruleId": "CVE-2022-2526",
"ruleIndex": 8, "ruleIndex": 11,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)" "text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
@ -691,7 +880,7 @@
}, },
{ {
"ruleId": "CVE-2022-1785", "ruleId": "CVE-2022-1785",
"ruleIndex": 9, "ruleIndex": 12,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)" "text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
@ -718,7 +907,7 @@
}, },
{ {
"ruleId": "CVE-2022-1897", "ruleId": "CVE-2022-1897",
"ruleIndex": 10, "ruleIndex": 13,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)" "text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
@ -745,7 +934,7 @@
}, },
{ {
"ruleId": "CVE-2022-1927", "ruleId": "CVE-2022-1927",
"ruleIndex": 11, "ruleIndex": 14,
"level": "error", "level": "error",
"message": { "message": {
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)" "text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
@ -769,6 +958,33 @@
} }
} }
] ]
},
{
"ruleId": "CVE-2022-37434",
"ruleIndex": 15,
"level": "error",
"message": {
"text": "Package: zlib\nInstalled Version: 1.2.11-18.el8_5\nVulnerability CVE-2022-37434\nSeverity: CRITICAL\nFixed Version: 1.2.11-19.el8_6\nLink: [CVE-2022-37434](https://avd.aquasec.com/nvd/cve-2022-37434)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: zlib@1.2.11-18.el8_5"
}
}
]
} }
], ],
"columnKind": "utf16CodeUnits", "columnKind": "utf16CodeUnits",