NeilHanlon 2023-03-15 13:06:00 +00:00
parent b3c52510ef
commit b7163d582a
2 changed files with 309 additions and 44 deletions


@ -51,7 +51,7 @@
}
a.toggle-more-links { cursor: pointer; }
</style>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-14 13:12:00.083386159 +0000 UTC m=+1.927223576 </title>
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-15 13:05:59.866056283 +0000 UTC m=+0.772464739 </title>
<script>
window.onload = function() {
document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
</script>
</head>
<body>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-14 13:12:00.083429559 +0000 UTC m=+1.927266976</h1>
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-03-15 13:05:59.866083284 +0000 UTC m=+0.772491840</h1>
<table>
<tr class="group-header"><th colspan="6">rocky</th></tr>
<tr class="sub-header">
@ -92,6 +92,58 @@
<th>Fixed Version</th>
<th>Links</th>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">curl</td>
<td>CVE-2023-23916</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">7.61.1-25.el8_7.1</td>
<td>7.61.1-25.el8_7.3</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:1140">https://access.redhat.com/errata/RHSA-2023:1140</a>
<a href="https://access.redhat.com/security/cve/CVE-2023-23916">https://access.redhat.com/security/cve/CVE-2023-23916</a>
<a href="https://bugzilla.redhat.com/2167815">https://bugzilla.redhat.com/2167815</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2167815">https://bugzilla.redhat.com/show_bug.cgi?id=2167815</a>
<a href="https://curl.se/docs/CVE-2023-23916.html">https://curl.se/docs/CVE-2023-23916.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-1140.html">https://errata.almalinux.org/8/ALSA-2023-1140.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:1140">https://errata.rockylinux.org/RLSA-2023:1140</a>
<a href="https://hackerone.com/reports/1826048">https://hackerone.com/reports/1826048</a>
<a href="https://linux.oracle.com/cve/CVE-2023-23916.html">https://linux.oracle.com/cve/CVE-2023-23916.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-1140.html">https://linux.oracle.com/errata/ELSA-2023-1140.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html">https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2023-23916">https://nvd.nist.gov/vuln/detail/CVE-2023-23916</a>
<a href="https://security.netapp.com/advisory/ntap-20230309-0006/">https://security.netapp.com/advisory/ntap-20230309-0006/</a>
<a href="https://ubuntu.com/security/notices/USN-5891-1">https://ubuntu.com/security/notices/USN-5891-1</a>
<a href="https://www.debian.org/security/2023/dsa-5365">https://www.debian.org/security/2023/dsa-5365</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">libcurl-minimal</td>
<td>CVE-2023-23916</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">7.61.1-25.el8_7.1</td>
<td>7.61.1-25.el8_7.3</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:1140">https://access.redhat.com/errata/RHSA-2023:1140</a>
<a href="https://access.redhat.com/security/cve/CVE-2023-23916">https://access.redhat.com/security/cve/CVE-2023-23916</a>
<a href="https://bugzilla.redhat.com/2167815">https://bugzilla.redhat.com/2167815</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2167815">https://bugzilla.redhat.com/show_bug.cgi?id=2167815</a>
<a href="https://curl.se/docs/CVE-2023-23916.html">https://curl.se/docs/CVE-2023-23916.html</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-1140.html">https://errata.almalinux.org/8/ALSA-2023-1140.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:1140">https://errata.rockylinux.org/RLSA-2023:1140</a>
<a href="https://hackerone.com/reports/1826048">https://hackerone.com/reports/1826048</a>
<a href="https://linux.oracle.com/cve/CVE-2023-23916.html">https://linux.oracle.com/cve/CVE-2023-23916.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-1140.html">https://linux.oracle.com/errata/ELSA-2023-1140.html</a>
<a href="https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html">https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html</a>
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2023-23916">https://nvd.nist.gov/vuln/detail/CVE-2023-23916</a>
<a href="https://security.netapp.com/advisory/ntap-20230309-0006/">https://security.netapp.com/advisory/ntap-20230309-0006/</a>
<a href="https://ubuntu.com/security/notices/USN-5891-1">https://ubuntu.com/security/notices/USN-5891-1</a>
<a href="https://www.debian.org/security/2023/dsa-5365">https://www.debian.org/security/2023/dsa-5365</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">platform-python</td>
<td>CVE-2020-10735</td>
@ -101,11 +153,9 @@
<td class="links" data-more-links="off">
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/1">http://www.openwall.com/lists/oss-security/2022/09/21/1</a>
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/4">http://www.openwall.com/lists/oss-security/2022/09/21/4</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/errata/RHSA-2022:7323">https://access.redhat.com/errata/RHSA-2022:7323</a>
<a href="https://access.redhat.com/security/cve/CVE-2020-10735">https://access.redhat.com/security/cve/CVE-2020-10735</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
@ -113,7 +163,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y">https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-7323.html">https://errata.almalinux.org/9/ALSA-2022-7323.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/95778">https://github.com/python/cpython/issues/95778</a>
<a href="https://linux.oracle.com/cve/CVE-2020-10735.html">https://linux.oracle.com/cve/CVE-2020-10735.html</a>
@ -148,12 +198,11 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/errata/RHSA-2022:8353">https://access.redhat.com/errata/RHSA-2022:8353</a>
<a href="https://access.redhat.com/security/cve/CVE-2021-28861">https://access.redhat.com/security/cve/CVE-2021-28861</a>
<a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2075390">https://bugzilla.redhat.com/2075390</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2054702">https://bugzilla.redhat.com/show_bug.cgi?id=2054702</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2059951">https://bugzilla.redhat.com/show_bug.cgi?id=2059951</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2075390">https://bugzilla.redhat.com/show_bug.cgi?id=2075390</a>
@ -161,7 +210,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2128249">https://bugzilla.redhat.com/show_bug.cgi?id=2128249</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-8353.html">https://errata.almalinux.org/9/ALSA-2022-8353.html</a>
<a href="https://errata.rockylinux.org/RLSA-2022:8353">https://errata.rockylinux.org/RLSA-2022:8353</a>
<a href="https://github.com/python/cpython/pull/24848">https://github.com/python/cpython/pull/24848</a>
<a href="https://github.com/python/cpython/pull/93879">https://github.com/python/cpython/pull/93879</a>
@ -193,10 +242,8 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0953">https://access.redhat.com/errata/RHSA-2023:0953</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-45061">https://access.redhat.com/security/cve/CVE-2022-45061</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
@ -204,7 +251,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0953.html">https://errata.almalinux.org/9/ALSA-2023-0953.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/98433">https://github.com/python/cpython/issues/98433</a>
<a href="https://github.com/python/cpython/pull/99092">https://github.com/python/cpython/pull/99092</a>
@ -246,6 +293,35 @@
<a href="https://ubuntu.com/security/notices/USN-5888-1">https://ubuntu.com/security/notices/USN-5888-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">platform-python-setuptools</td>
<td>CVE-2022-40897</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">39.2.0-6.el8</td>
<td>39.2.0-6.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0952">https://access.redhat.com/errata/RHSA-2023:0952</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-40897">https://access.redhat.com/security/cve/CVE-2022-40897</a>
<a href="https://bugzilla.redhat.com/2158559">https://bugzilla.redhat.com/2158559</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2158559">https://bugzilla.redhat.com/show_bug.cgi?id=2158559</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0952.html">https://errata.almalinux.org/9/ALSA-2023-0952.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0835">https://errata.rockylinux.org/RLSA-2023:0835</a>
<a href="https://github.com/advisories/GHSA-r9hx-vwmv-q579">https://github.com/advisories/GHSA-r9hx-vwmv-q579</a>
<a href="https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200">https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200</a>
<a href="https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be">https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be</a>
<a href="https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1">https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1</a>
<a href="https://github.com/pypa/setuptools/issues/3659">https://github.com/pypa/setuptools/issues/3659</a>
<a href="https://linux.oracle.com/cve/CVE-2022-40897.html">https://linux.oracle.com/cve/CVE-2022-40897.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0952.html">https://linux.oracle.com/errata/ELSA-2023-0952.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">https://nvd.nist.gov/vuln/detail/CVE-2022-40897</a>
<a href="https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/">https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/</a>
<a href="https://pyup.io/vulnerabilities/CVE-2022-40897/52495/">https://pyup.io/vulnerabilities/CVE-2022-40897/52495/</a>
<a href="https://security.netapp.com/advisory/ntap-20230214-0001/">https://security.netapp.com/advisory/ntap-20230214-0001/</a>
<a href="https://setuptools.pypa.io/en/latest/">https://setuptools.pypa.io/en/latest/</a>
<a href="https://ubuntu.com/security/notices/USN-5817-1">https://ubuntu.com/security/notices/USN-5817-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">python3-libs</td>
<td>CVE-2020-10735</td>
@ -255,11 +331,9 @@
<td class="links" data-more-links="off">
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/1">http://www.openwall.com/lists/oss-security/2022/09/21/1</a>
<a href="http://www.openwall.com/lists/oss-security/2022/09/21/4">http://www.openwall.com/lists/oss-security/2022/09/21/4</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/errata/RHSA-2022:7323">https://access.redhat.com/errata/RHSA-2022:7323</a>
<a href="https://access.redhat.com/security/cve/CVE-2020-10735">https://access.redhat.com/security/cve/CVE-2020-10735</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2144072">https://bugzilla.redhat.com/show_bug.cgi?id=2144072</a>
@ -267,7 +341,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y">https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-7323.html">https://errata.almalinux.org/9/ALSA-2022-7323.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/95778">https://github.com/python/cpython/issues/95778</a>
<a href="https://linux.oracle.com/cve/CVE-2020-10735.html">https://linux.oracle.com/cve/CVE-2020-10735.html</a>
@ -302,12 +376,11 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/errata/RHSA-2022:8353">https://access.redhat.com/errata/RHSA-2022:8353</a>
<a href="https://access.redhat.com/security/cve/CVE-2021-28861">https://access.redhat.com/security/cve/CVE-2021-28861</a>
<a href="https://bugs.python.org/issue43223">https://bugs.python.org/issue43223</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2075390">https://bugzilla.redhat.com/2075390</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2054702">https://bugzilla.redhat.com/show_bug.cgi?id=2054702</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2059951">https://bugzilla.redhat.com/show_bug.cgi?id=2059951</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2075390">https://bugzilla.redhat.com/show_bug.cgi?id=2075390</a>
@ -315,7 +388,7 @@
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2128249">https://bugzilla.redhat.com/show_bug.cgi?id=2128249</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2022-8353.html">https://errata.almalinux.org/9/ALSA-2022-8353.html</a>
<a href="https://errata.rockylinux.org/RLSA-2022:8353">https://errata.rockylinux.org/RLSA-2022:8353</a>
<a href="https://github.com/python/cpython/pull/24848">https://github.com/python/cpython/pull/24848</a>
<a href="https://github.com/python/cpython/pull/93879">https://github.com/python/cpython/pull/93879</a>
@ -347,10 +420,8 @@
<td class="pkg-version">3.6.8-48.el8_7.rocky.0</td>
<td>3.6.8-48.el8_7.1.rocky.0</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0833">https://access.redhat.com/errata/RHSA-2023:0833</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0953">https://access.redhat.com/errata/RHSA-2023:0953</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-45061">https://access.redhat.com/security/cve/CVE-2022-45061</a>
<a href="https://bugzilla.redhat.com/1834423">https://bugzilla.redhat.com/1834423</a>
<a href="https://bugzilla.redhat.com/2120642">https://bugzilla.redhat.com/2120642</a>
<a href="https://bugzilla.redhat.com/2144072">https://bugzilla.redhat.com/2144072</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1834423">https://bugzilla.redhat.com/show_bug.cgi?id=1834423</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2120642">https://bugzilla.redhat.com/show_bug.cgi?id=2120642</a>
@ -358,7 +429,7 @@
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28861</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45061</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0833.html">https://errata.almalinux.org/8/ALSA-2023-0833.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0953.html">https://errata.almalinux.org/9/ALSA-2023-0953.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0833">https://errata.rockylinux.org/RLSA-2023:0833</a>
<a href="https://github.com/python/cpython/issues/98433">https://github.com/python/cpython/issues/98433</a>
<a href="https://github.com/python/cpython/pull/99092">https://github.com/python/cpython/pull/99092</a>
@ -400,6 +471,35 @@
<a href="https://ubuntu.com/security/notices/USN-5888-1">https://ubuntu.com/security/notices/USN-5888-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">python3-setuptools-wheel</td>
<td>CVE-2022-40897</td>
<td class="severity">MEDIUM</td>
<td class="pkg-version">39.2.0-6.el8</td>
<td>39.2.0-6.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0952">https://access.redhat.com/errata/RHSA-2023:0952</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-40897">https://access.redhat.com/security/cve/CVE-2022-40897</a>
<a href="https://bugzilla.redhat.com/2158559">https://bugzilla.redhat.com/2158559</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2158559">https://bugzilla.redhat.com/show_bug.cgi?id=2158559</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40897</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0952.html">https://errata.almalinux.org/9/ALSA-2023-0952.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0835">https://errata.rockylinux.org/RLSA-2023:0835</a>
<a href="https://github.com/advisories/GHSA-r9hx-vwmv-q579">https://github.com/advisories/GHSA-r9hx-vwmv-q579</a>
<a href="https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200">https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200</a>
<a href="https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be">https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be</a>
<a href="https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1">https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1</a>
<a href="https://github.com/pypa/setuptools/issues/3659">https://github.com/pypa/setuptools/issues/3659</a>
<a href="https://linux.oracle.com/cve/CVE-2022-40897.html">https://linux.oracle.com/cve/CVE-2022-40897.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0952.html">https://linux.oracle.com/errata/ELSA-2023-0952.html</a>
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-40897">https://nvd.nist.gov/vuln/detail/CVE-2022-40897</a>
<a href="https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/">https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/</a>
<a href="https://pyup.io/vulnerabilities/CVE-2022-40897/52495/">https://pyup.io/vulnerabilities/CVE-2022-40897/52495/</a>
<a href="https://security.netapp.com/advisory/ntap-20230214-0001/">https://security.netapp.com/advisory/ntap-20230214-0001/</a>
<a href="https://setuptools.pypa.io/en/latest/">https://setuptools.pypa.io/en/latest/</a>
<a href="https://ubuntu.com/security/notices/USN-5817-1">https://ubuntu.com/security/notices/USN-5817-1</a>
</td>
</tr>
<tr class="severity-MEDIUM">
<td class="pkg-name">systemd</td>
<td>CVE-2022-4415</td>
@ -407,13 +507,14 @@
<td class="pkg-version">239-68.el8_7.2</td>
<td>239-68.el8_7.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0954">https://access.redhat.com/errata/RHSA-2023:0954</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2149063">https://bugzilla.redhat.com/2149063</a>
<a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0954.html">https://errata.almalinux.org/9/ALSA-2023-0954.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://linux.oracle.com/cve/CVE-2022-4415.html">https://linux.oracle.com/cve/CVE-2022-4415.html</a>
@ -430,13 +531,14 @@
<td class="pkg-version">239-68.el8_7.2</td>
<td>239-68.el8_7.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0954">https://access.redhat.com/errata/RHSA-2023:0954</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2149063">https://bugzilla.redhat.com/2149063</a>
<a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0954.html">https://errata.almalinux.org/9/ALSA-2023-0954.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://linux.oracle.com/cve/CVE-2022-4415.html">https://linux.oracle.com/cve/CVE-2022-4415.html</a>
@ -453,13 +555,14 @@
<td class="pkg-version">239-68.el8_7.2</td>
<td>239-68.el8_7.4</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0837">https://access.redhat.com/errata/RHSA-2023:0837</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0954">https://access.redhat.com/errata/RHSA-2023:0954</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-4415">https://access.redhat.com/security/cve/CVE-2022-4415</a>
<a href="https://bugzilla.redhat.com/2149063">https://bugzilla.redhat.com/2149063</a>
<a href="https://bugzilla.redhat.com/2155515">https://bugzilla.redhat.com/2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2155515">https://bugzilla.redhat.com/show_bug.cgi?id=2155515</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2164049">https://bugzilla.redhat.com/show_bug.cgi?id=2164049</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4415</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0837.html">https://errata.almalinux.org/8/ALSA-2023-0837.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0954.html">https://errata.almalinux.org/9/ALSA-2023-0954.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0837">https://errata.rockylinux.org/RLSA-2023:0837</a>
<a href="https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c">https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c</a>
<a href="https://linux.oracle.com/cve/CVE-2022-4415.html">https://linux.oracle.com/cve/CVE-2022-4415.html</a>
@ -476,12 +579,12 @@
<td class="pkg-version">2:1.30-6.el8</td>
<td>2:1.30-6.el8_7.1</td>
<td class="links" data-more-links="off">
<a href="https://access.redhat.com/errata/RHSA-2023:0842">https://access.redhat.com/errata/RHSA-2023:0842</a>
<a href="https://access.redhat.com/errata/RHSA-2023:0959">https://access.redhat.com/errata/RHSA-2023:0959</a>
<a href="https://access.redhat.com/security/cve/CVE-2022-48303">https://access.redhat.com/security/cve/CVE-2022-48303</a>
<a href="https://bugzilla.redhat.com/2149722">https://bugzilla.redhat.com/2149722</a>
<a href="https://bugzilla.redhat.com/show_bug.cgi?id=2149722">https://bugzilla.redhat.com/show_bug.cgi?id=2149722</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48303</a>
<a href="https://errata.almalinux.org/8/ALSA-2023-0842.html">https://errata.almalinux.org/8/ALSA-2023-0842.html</a>
<a href="https://errata.almalinux.org/9/ALSA-2023-0959.html">https://errata.almalinux.org/9/ALSA-2023-0959.html</a>
<a href="https://errata.rockylinux.org/RLSA-2023:0842">https://errata.rockylinux.org/RLSA-2023:0842</a>
<a href="https://linux.oracle.com/cve/CVE-2022-48303.html">https://linux.oracle.com/cve/CVE-2022-48303.html</a>
<a href="https://linux.oracle.com/errata/ELSA-2023-0959.html">https://linux.oracle.com/errata/ELSA-2023-0959.html</a>


@ -9,6 +9,33 @@
"informationUri": "https://github.com/aquasecurity/trivy",
"name": "Trivy",
"rules": [
{
"id": "CVE-2023-23916",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "curl: HTTP multi-header compression denial of service"
},
"fullDescription": {
"text": "An allocation of resources without limits or throttling vulnerability exists in curl \u0026lt;v7.88.0 based on the \u0026#34;chained\u0026#34; HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \u0026#34;links\u0026#34; in this \u0026#34;decompression chain\u0026#34; wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \u0026#34;malloc bomb\u0026#34;, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2023-23916",
"help": {
"text": "Vulnerability CVE-2023-23916\nSeverity: MEDIUM\nPackage: libcurl-minimal\nFixed Version: 7.61.1-25.el8_7.3\nLink: [CVE-2023-23916](https://avd.aquasec.com/nvd/cve-2023-23916)\nAn allocation of resources without limits or throttling vulnerability exists in curl \u003cv7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.",
"markdown": "**Vulnerability CVE-2023-23916**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|libcurl-minimal|7.61.1-25.el8_7.3|[CVE-2023-23916](https://avd.aquasec.com/nvd/cve-2023-23916)|\n\nAn allocation of resources without limits or throttling vulnerability exists in curl \u003cv7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2020-10735",
"name": "OsPackageVulnerability",
@ -90,6 +117,33 @@
]
}
},
{
"id": "CVE-2022-40897",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
},
"fullDescription": {
"text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-40897",
"help": {
"text": "Vulnerability CVE-2022-40897\nSeverity: MEDIUM\nPackage: python3-setuptools-wheel\nFixed Version: 39.2.0-6.el8_7.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.",
"markdown": "**Vulnerability CVE-2022-40897**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|python3-setuptools-wheel|39.2.0-6.el8_7.1|[CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)|\n\nPython Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
},
{
"id": "CVE-2022-4415",
"name": "OsPackageVulnerability",
@ -150,9 +204,63 @@
},
"results": [
{
"ruleId": "CVE-2020-10735",
"ruleId": "CVE-2023-23916",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: curl\nInstalled Version: 7.61.1-25.el8_7.1\nVulnerability CVE-2023-23916\nSeverity: MEDIUM\nFixed Version: 7.61.1-25.el8_7.3\nLink: [CVE-2023-23916](https://avd.aquasec.com/nvd/cve-2023-23916)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: curl@7.61.1-25.el8_7.1"
}
}
]
},
{
"ruleId": "CVE-2023-23916",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: libcurl-minimal\nInstalled Version: 7.61.1-25.el8_7.1\nVulnerability CVE-2023-23916\nSeverity: MEDIUM\nFixed Version: 7.61.1-25.el8_7.3\nLink: [CVE-2023-23916](https://avd.aquasec.com/nvd/cve-2023-23916)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: libcurl-minimal@7.61.1-25.el8_7.1"
}
}
]
},
{
"ruleId": "CVE-2020-10735",
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2020-10735\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)"
},
@ -178,7 +286,7 @@
},
{
"ruleId": "CVE-2021-28861",
"ruleIndex": 1,
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2021-28861\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)"
@ -205,7 +313,7 @@
},
{
"ruleId": "CVE-2022-45061",
"ruleIndex": 2,
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: platform-python\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2022-45061\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)"
@ -230,9 +338,36 @@
}
]
},
{
"ruleId": "CVE-2022-40897",
"ruleIndex": 4,
"level": "warning",
"message": {
"text": "Package: platform-python-setuptools\nInstalled Version: 39.2.0-6.el8\nVulnerability CVE-2022-40897\nSeverity: MEDIUM\nFixed Version: 39.2.0-6.el8_7.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: platform-python-setuptools@39.2.0-6.el8"
}
}
]
},
{
"ruleId": "CVE-2020-10735",
"ruleIndex": 0,
"ruleIndex": 1,
"level": "warning",
"message": {
"text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2020-10735\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2020-10735](https://avd.aquasec.com/nvd/cve-2020-10735)"
@ -259,7 +394,7 @@
},
{
"ruleId": "CVE-2021-28861",
"ruleIndex": 1,
"ruleIndex": 2,
"level": "warning",
"message": {
"text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2021-28861\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2021-28861](https://avd.aquasec.com/nvd/cve-2021-28861)"
@ -286,7 +421,7 @@
},
{
"ruleId": "CVE-2022-45061",
"ruleIndex": 2,
"ruleIndex": 3,
"level": "warning",
"message": {
"text": "Package: python3-libs\nInstalled Version: 3.6.8-48.el8_7.rocky.0\nVulnerability CVE-2022-45061\nSeverity: MEDIUM\nFixed Version: 3.6.8-48.el8_7.1.rocky.0\nLink: [CVE-2022-45061](https://avd.aquasec.com/nvd/cve-2022-45061)"
@ -311,9 +446,36 @@
}
]
},
{
"ruleId": "CVE-2022-40897",
"ruleIndex": 4,
"level": "warning",
"message": {
"text": "Package: python3-setuptools-wheel\nInstalled Version: 39.2.0-6.el8\nVulnerability CVE-2022-40897\nSeverity: MEDIUM\nFixed Version: 39.2.0-6.el8_7.1\nLink: [CVE-2022-40897](https://avd.aquasec.com/nvd/cve-2022-40897)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: python3-setuptools-wheel@39.2.0-6.el8"
}
}
]
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"ruleIndex": 5,
"level": "warning",
"message": {
"text": "Package: systemd\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
@ -340,7 +502,7 @@
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"ruleIndex": 5,
"level": "warning",
"message": {
"text": "Package: systemd-libs\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
@ -367,7 +529,7 @@
},
{
"ruleId": "CVE-2022-4415",
"ruleIndex": 3,
"ruleIndex": 5,
"level": "warning",
"message": {
"text": "Package: systemd-pam\nInstalled Version: 239-68.el8_7.2\nVulnerability CVE-2022-4415\nSeverity: MEDIUM\nFixed Version: 239-68.el8_7.4\nLink: [CVE-2022-4415](https://avd.aquasec.com/nvd/cve-2022-4415)"
@ -394,7 +556,7 @@
},
{
"ruleId": "CVE-2022-48303",
"ruleIndex": 4,
"ruleIndex": 6,
"level": "warning",
"message": {
"text": "Package: tar\nInstalled Version: 2:1.30-6.el8\nVulnerability CVE-2022-48303\nSeverity: MEDIUM\nFixed Version: 2:1.30-6.el8_7.1\nLink: [CVE-2022-48303](https://avd.aquasec.com/nvd/cve-2022-48303)"