deploy: 9faa504140
parent
5fda33a583
commit
f9996d1acc
49
index.html
49
index.html
|
@ -51,7 +51,7 @@
|
|||
}
|
||||
a.toggle-more-links { cursor: pointer; }
|
||||
</style>
|
||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-02 13:15:05.08642875 +0000 UTC m=+0.759440565 </title>
|
||||
<title>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-03 13:08:42.182119516 +0000 UTC m=+1.111515167 </title>
|
||||
<script>
|
||||
window.onload = function() {
|
||||
document.querySelectorAll('td.links').forEach(function(linkCell) {
|
||||
|
@ -81,7 +81,7 @@
|
|||
</script>
|
||||
</head>
|
||||
<body>
|
||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-02 13:15:05.08647245 +0000 UTC m=+0.759484365</h1>
|
||||
<h1>docker.io/rockylinux/rockylinux:8 (rocky 8.6) - Trivy Report - 2022-09-03 13:08:42.182150216 +0000 UTC m=+1.111545867</h1>
|
||||
<table>
|
||||
<tr class="group-header"><th colspan="6">rocky</th></tr>
|
||||
<tr class="sub-header">
|
||||
|
@ -202,6 +202,51 @@
|
|||
<a href="https://www.debian.org/security/2022/dsa-5197">https://www.debian.org/security/2022/dsa-5197</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-HIGH">
|
||||
<td class="pkg-name">systemd</td>
|
||||
<td>CVE-2022-2526</td>
|
||||
<td class="severity">HIGH</td>
|
||||
<td class="pkg-version">239-58.el8</td>
|
||||
<td>239-58.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-2526">https://access.redhat.com/security/cve/CVE-2022-2526</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-2526.html">https://linux.oracle.com/cve/CVE-2022-2526.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6206.html">https://linux.oracle.com/errata/ELSA-2022-6206.html</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5583-1">https://ubuntu.com/security/notices/USN-5583-1</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-HIGH">
|
||||
<td class="pkg-name">systemd-libs</td>
|
||||
<td>CVE-2022-2526</td>
|
||||
<td class="severity">HIGH</td>
|
||||
<td class="pkg-version">239-58.el8</td>
|
||||
<td>239-58.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-2526">https://access.redhat.com/security/cve/CVE-2022-2526</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-2526.html">https://linux.oracle.com/cve/CVE-2022-2526.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6206.html">https://linux.oracle.com/errata/ELSA-2022-6206.html</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5583-1">https://ubuntu.com/security/notices/USN-5583-1</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-HIGH">
|
||||
<td class="pkg-name">systemd-pam</td>
|
||||
<td>CVE-2022-2526</td>
|
||||
<td class="severity">HIGH</td>
|
||||
<td class="pkg-version">239-58.el8</td>
|
||||
<td>239-58.el8_6.4</td>
|
||||
<td class="links" data-more-links="off">
|
||||
<a href="https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json">https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2526.json</a>
|
||||
<a href="https://access.redhat.com/security/cve/CVE-2022-2526">https://access.redhat.com/security/cve/CVE-2022-2526</a>
|
||||
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2526</a>
|
||||
<a href="https://linux.oracle.com/cve/CVE-2022-2526.html">https://linux.oracle.com/cve/CVE-2022-2526.html</a>
|
||||
<a href="https://linux.oracle.com/errata/ELSA-2022-6206.html">https://linux.oracle.com/errata/ELSA-2022-6206.html</a>
|
||||
<a href="https://ubuntu.com/security/notices/USN-5583-1">https://ubuntu.com/security/notices/USN-5583-1</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr class="severity-MEDIUM">
|
||||
<td class="pkg-name">vim-minimal</td>
|
||||
<td>CVE-2022-1785</td>
|
||||
|
|
|
@ -63,6 +63,33 @@
|
|||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "CVE-2022-2526",
|
||||
"name": "OsPackageVulnerability",
|
||||
"shortDescription": {
|
||||
"text": "CVE-2022-2526"
|
||||
},
|
||||
"fullDescription": {
|
||||
"text": "A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in \u0026#39;resolved-dns-stream.c\u0026#39; not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."
|
||||
},
|
||||
"defaultConfiguration": {
|
||||
"level": "error"
|
||||
},
|
||||
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-2526",
|
||||
"help": {
|
||||
"text": "Vulnerability CVE-2022-2526\nSeverity: HIGH\nPackage: systemd-pam\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)\nA use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.",
|
||||
"markdown": "**Vulnerability CVE-2022-2526**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|HIGH|systemd-pam|239-58.el8_6.4|[CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)|\n\nA use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later."
|
||||
},
|
||||
"properties": {
|
||||
"precision": "very-high",
|
||||
"security-severity": "8.0",
|
||||
"tags": [
|
||||
"vulnerability",
|
||||
"security",
|
||||
"HIGH"
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"id": "CVE-2022-1785",
|
||||
"name": "OsPackageVulnerability",
|
||||
|
@ -246,8 +273,80 @@
|
|||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1785",
|
||||
"ruleId": "CVE-2022-2526",
|
||||
"ruleIndex": 2,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: systemd\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: HIGH\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2526",
|
||||
"ruleIndex": 2,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: systemd-libs\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: HIGH\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-2526",
|
||||
"ruleIndex": 2,
|
||||
"level": "error",
|
||||
"message": {
|
||||
"text": "Package: systemd-pam\nInstalled Version: 239-58.el8\nVulnerability CVE-2022-2526\nSeverity: HIGH\nFixed Version: 239-58.el8_6.4\nLink: [CVE-2022-2526](https://avd.aquasec.com/nvd/cve-2022-2526)"
|
||||
},
|
||||
"locations": [
|
||||
{
|
||||
"physicalLocation": {
|
||||
"artifactLocation": {
|
||||
"uri": "rockylinux/rockylinux",
|
||||
"uriBaseId": "ROOTPATH"
|
||||
},
|
||||
"region": {
|
||||
"startLine": 1,
|
||||
"startColumn": 1,
|
||||
"endLine": 1,
|
||||
"endColumn": 1
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1785",
|
||||
"ruleIndex": 3,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1785\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1785](https://avd.aquasec.com/nvd/cve-2022-1785)"
|
||||
|
@ -271,7 +370,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1897",
|
||||
"ruleIndex": 3,
|
||||
"ruleIndex": 4,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1897\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1897](https://avd.aquasec.com/nvd/cve-2022-1897)"
|
||||
|
@ -295,7 +394,7 @@
|
|||
},
|
||||
{
|
||||
"ruleId": "CVE-2022-1927",
|
||||
"ruleIndex": 4,
|
||||
"ruleIndex": 5,
|
||||
"level": "warning",
|
||||
"message": {
|
||||
"text": "Package: vim-minimal\nInstalled Version: 2:8.0.1763-19.el8_6.2\nVulnerability CVE-2022-1927\nSeverity: MEDIUM\nFixed Version: 2:8.0.1763-19.el8_6.4\nLink: [CVE-2022-1927](https://avd.aquasec.com/nvd/cve-2022-1927)"
|
||||
|
|