deploy: 9faa504140
This commit is contained in:
parent
aa24a268d4
commit
d666566a6f
31
index.html
31
index.html
|
@ -51,7 +51,7 @@
|
|||
}
|
||||
a.toggle-more-links { cursor: pointer; }
|
||||
</style>
|
||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-23 13:15:58.693113905 +0000 UTC m=+0.723437429 </title>
|
||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-24 13:12:54.616554675 +0000 UTC m=+1.117938517 </title>
|
||||
<script>
|
||||
window.onload = function() {
|
||||
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
||||
|
@ -81,7 +81,7 @@
|
|||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-23 13:15:58.693138206 +0000 UTC m=+0.723461730</h1>
|
||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-24 13:12:54.616583275 +0000 UTC m=+1.117967117</h1>
|
||||
<table>
|
||||
<tr class="group-header"><th colspan="6">rocky</th></tr>
|
||||
<tr class="sub-header">
|
||||
|
@ -149,6 +149,33 @@
|
|||
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">gnupg2</td>
|
||||
<td>CVE-2022-34903</td>
|
||||
<td class="severity">MEDIUM</td>
|
||||
<td class="pkg-version">2.2.20-2.el8</td>
|
||||
<td>2.2.20-3.el8_6</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="http://www.openwall.com/lists/oss-security/2022/07/02/1">http://www.openwall.com/lists/oss-security/2022/07/02/1</a>
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34903.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-34903.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-34903">https://access.redhat.com/security/cve/CVE-2022-34903</a>
|
||||
<a href="https://bugs.debian.org/1014157">https://bugs.debian.org/1014157</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34903</a>
|
||||
<a href="https://dev.gnupg.org/T6027">https://dev.gnupg.org/T6027</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-34903.html">https://linux.oracle.com/cve/CVE-2022-34903.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6602.html">https://linux.oracle.com/errata/ELSA-2022-6602.html</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/</a>
|
||||
<a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/</a>
|
||||
<a href="https://nvd.nist.gov/vuln/detail/CVE-2022-34903">https://nvd.nist.gov/vuln/detail/CVE-2022-34903</a>
|
||||
<a href="https://security.netapp.com/advisory/ntap-20220826-0005/">https://security.netapp.com/advisory/ntap-20220826-0005/</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5503-1">https://ubuntu.com/security/notices/USN-5503-1</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5503-2">https://ubuntu.com/security/notices/USN-5503-2</a>
|
||||
<a href="https://www.debian.org/security/2022/dsa-5174">https://www.debian.org/security/2022/dsa-5174</a>
|
||||
<a href="https://www.openwall.com/lists/oss-security/2022/06/30/1">https://www.openwall.com/lists/oss-security/2022/06/30/1</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">libcurl-minimal</td>
|
||||
<td>CVE-2022-32206</td>
|
||||
|
|
|
@ -63,6 +63,33 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "CVE-2022-34903",
|
||||
"name": "OsPackageVulnerability",
|
||||
"shortDescription": {
|
||||
"text": "CVE-2022-34903"
|
||||
},
|
||||
"fullDescription": {
|
||||
"text": "GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\u0026#39;s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
|
||||
},
|
||||
"defaultConfiguration": {
|
||||
"level": "warning"
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-34903",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2022-34903\nSeverity: MEDIUM\nPackage: gnupg2\nFixed Version: 2.2.20-3.el8_6\nLink: [CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.",
|
||||
"markdown": "**Vulnerability CVE-2022-34903**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|gnupg2|2.2.20-3.el8_6|[CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)|\n\nGnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line."
|
||||
},
|
||||
"properties": {
|
||||
"precision": "very-high",
|
||||
"security-severity": "6.5",
|
||||
"tags": [
|
||||
"vulnerability",
|
||||
"security",
|
||||
"MEDIUM"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "CVE-2022-1292",
|
||||
"name": "OsPackageVulnerability",
|
||||
|
@ -332,6 +359,30 @@
|
|||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-34903",
|
||||
"ruleIndex": 2,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: gnupg2\nInstalled Version: 2.2.20-2.el8\nVulnerability CVE-2022-34903\nSeverity: MEDIUM\nFixed Version: 2.2.20-3.el8_6\nLink: [CVE-2022-34903](https://avd.aquasec.com/nvd/cve-2022-34903)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-32206",
|
||||
"ruleIndex": 0,
|
||||
|
@ -382,7 +433,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1292",
|
||||
"ruleIndex": 2,
|
||||
"ruleIndex": 3,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-1292\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-1292](https://avd.aquasec.com/nvd/cve-2022-1292)"
|
||||
|
@ -406,7 +457,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2068",
|
||||
"ruleIndex": 3,
|
||||
"ruleIndex": 4,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2068\nSeverity: CRITICAL\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2068](https://avd.aquasec.com/nvd/cve-2022-2068)"
|
||||
|
@ -430,7 +481,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2097",
|
||||
"ruleIndex": 4,
|
||||
"ruleIndex": 5,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: openssl-libs\nInstalled Version: 1:1.1.1k-6.el8_5\nVulnerability CVE-2022-2097\nSeverity: MEDIUM\nFixed Version: 1:1.1.1k-7.el8_6\nLink: [CVE-2022-2097](https://avd.aquasec.com/nvd/cve-2022-2097)"
|
||||
|
@ -454,7 +505,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1586",
|
||||
"ruleIndex": 5,
|
||||
"ruleIndex": 6,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: pcre2\nInstalled Version: 10.32-2.el8\nVulnerability CVE-2022-1586\nSeverity: CRITICAL\nFixed Version: 10.32-3.el8_6\nLink: [CVE-2022-1586](https://avd.aquasec.com/nvd/cve-2022-1586)"
|
||||
|
@ -478,7 +529,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2526",
|
||||
"ruleIndex": 6,
|
||||
"ruleIndex": 7,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||
|
@ -502,7 +553,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2526",
|
||||
"ruleIndex": 6,
|
||||
"ruleIndex": 7,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||
|
@ -526,7 +577,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2526",
|
||||
"ruleIndex": 6,
|
||||
"ruleIndex": 7,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: CRITICAL\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||
|
@ -550,7 +601,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1927",
|
||||
"ruleIndex": 7,
|
||||
"ruleIndex": 8,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: CRITICAL\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
|
||||
|
@ -574,7 +625,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1785",
|
||||
"ruleIndex": 8,
|
||||
"ruleIndex": 9,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
|
||||
|
@ -598,7 +649,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1897",
|
||||
"ruleIndex": 9,
|
||||
"ruleIndex": 10,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: HIGH\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
|
||||
|
|
Loading…
Reference in New Issue