diff --git a/incubator/senseai-server/0.0.2/CHANGELOG.md b/incubator/senseai-server/0.0.3/CHANGELOG.md similarity index 62% rename from incubator/senseai-server/0.0.2/CHANGELOG.md rename to incubator/senseai-server/0.0.3/CHANGELOG.md index 0ec0d4b1470..665e1382652 100644 --- a/incubator/senseai-server/0.0.2/CHANGELOG.md +++ b/incubator/senseai-server/0.0.3/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [senseai-server-0.0.3](https://github.com/truecharts/apps/compare/senseai-server-0.0.2...senseai-server-0.0.3) (2022-06-16) + +#### Chore + +* update image ref ([#2915](https://github.com/truecharts/apps/issues/2915)) + + + ### [senseai-server-0.0.2](https://github.com/truecharts/apps/compare/senseai-server-0.0.1...senseai-server-0.0.2) (2022-06-16) diff --git a/stable/scrutiny/2.0.4/Chart.lock b/incubator/senseai-server/0.0.3/Chart.lock similarity index 80% rename from stable/scrutiny/2.0.4/Chart.lock rename to incubator/senseai-server/0.0.3/Chart.lock index baf7e42fe3c..e6532c351bb 100644 --- a/stable/scrutiny/2.0.4/Chart.lock +++ b/incubator/senseai-server/0.0.3/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://library-charts.truecharts.org version: 10.0.10 digest: sha256:9f3c62e5207bf34631e3ba3f32ed1c823f1439d2d5ce6953f3ca1c6fb86fc4bc -generated: "2022-06-14T14:45:52.966633318Z" +generated: "2022-06-16T16:54:18.971537508Z" diff --git a/incubator/senseai-server/0.0.2/Chart.yaml b/incubator/senseai-server/0.0.3/Chart.yaml similarity index 95% rename from incubator/senseai-server/0.0.2/Chart.yaml rename to incubator/senseai-server/0.0.3/Chart.yaml index 23f246b341a..ecdea467881 100644 --- a/incubator/senseai-server/0.0.2/Chart.yaml +++ b/incubator/senseai-server/0.0.3/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "focal" +appVersion: "1.4.0" dependencies: - name: common repository: https://library-charts.truecharts.org @@ -19,7 +19,7 @@ name: senseai-server sources: - https://github.com/codeproject/CodeProject.SenseAI - https://hub.docker.com/r/codeproject/senseai-server -version: 0.0.2 +version: 0.0.3 annotations: truecharts.org/catagories: | - ai diff --git a/incubator/senseai-server/0.0.2/README.md b/incubator/senseai-server/0.0.3/README.md similarity index 100% rename from incubator/senseai-server/0.0.2/README.md rename to incubator/senseai-server/0.0.3/README.md diff --git a/incubator/senseai-server/0.0.2/app-readme.md b/incubator/senseai-server/0.0.3/app-readme.md similarity index 100% rename from incubator/senseai-server/0.0.2/app-readme.md rename to incubator/senseai-server/0.0.3/app-readme.md diff --git a/incubator/senseai-server/0.0.2/charts/common-10.0.10.tgz b/incubator/senseai-server/0.0.3/charts/common-10.0.10.tgz similarity index 100% rename from incubator/senseai-server/0.0.2/charts/common-10.0.10.tgz rename to incubator/senseai-server/0.0.3/charts/common-10.0.10.tgz diff --git a/incubator/senseai-server/0.0.2/ix_values.yaml b/incubator/senseai-server/0.0.3/ix_values.yaml similarity index 60% rename from incubator/senseai-server/0.0.2/ix_values.yaml rename to incubator/senseai-server/0.0.3/ix_values.yaml index 47c1662dff4..ee4fc4cf5b8 100644 --- a/incubator/senseai-server/0.0.2/ix_values.yaml +++ b/incubator/senseai-server/0.0.3/ix_values.yaml @@ -1,6 +1,6 @@ image: - repository: codeproject/senseai-server - tag: focal-1.4.0@sha256:e26603f89a1a994cda27c4604fb79ed380acd65e4233e9bd4a8689eb21625b39 + repository: tccr.io/truecharts/senseai-server + tag: v1.4.0@sha256:e643c56eb99edd4a84d60d9b4b4607a5759ce339bec1f0ce577d60eedc90c7e5 pullPolicy: IfNotPresent service: diff --git a/incubator/senseai-server/0.0.2/questions.yaml b/incubator/senseai-server/0.0.3/questions.yaml similarity index 100% rename from incubator/senseai-server/0.0.2/questions.yaml rename to incubator/senseai-server/0.0.3/questions.yaml diff --git a/incubator/senseai-server/0.0.2/security.md b/incubator/senseai-server/0.0.3/security.md similarity index 99% rename from incubator/senseai-server/0.0.2/security.md rename to incubator/senseai-server/0.0.3/security.md index 1c9feb35686..6ac49334641 100644 --- a/incubator/senseai-server/0.0.2/security.md +++ b/incubator/senseai-server/0.0.3/security.md @@ -34,7 +34,7 @@ hide: ##### Detected Containers tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 - codeproject/senseai-server:focal-1.4.0@sha256:e26603f89a1a994cda27c4604fb79ed380acd65e4233e9bd4a8689eb21625b39 + tccr.io/truecharts/senseai-server:v1.4.0@sha256:e643c56eb99edd4a84d60d9b4b4607a5759ce339bec1f0ce577d60eedc90c7e5 ##### Scan Results @@ -60,7 +60,7 @@ hide: | zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://ubuntu.com/security/notices/USN-5359-2
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| -#### Container: codeproject/senseai-server:focal-1.4.0@sha256:e26603f89a1a994cda27c4604fb79ed380acd65e4233e9bd4a8689eb21625b39 (ubuntu 20.04) +#### Container: tccr.io/truecharts/senseai-server:v1.4.0@sha256:e643c56eb99edd4a84d60d9b4b4607a5759ce339bec1f0ce577d60eedc90c7e5 (ubuntu 20.04) **ubuntu** diff --git a/incubator/senseai-server/0.0.2/templates/common.yaml b/incubator/senseai-server/0.0.3/templates/common.yaml similarity index 100% rename from incubator/senseai-server/0.0.2/templates/common.yaml rename to incubator/senseai-server/0.0.3/templates/common.yaml diff --git a/incubator/senseai-server/0.0.2/values.yaml b/incubator/senseai-server/0.0.3/values.yaml similarity index 100% rename from incubator/senseai-server/0.0.2/values.yaml rename to incubator/senseai-server/0.0.3/values.yaml diff --git a/stable/scrutiny/2.0.4/security.md b/stable/scrutiny/2.0.4/security.md deleted file mode 100644 index d9bd5802272..00000000000 --- a/stable/scrutiny/2.0.4/security.md +++ /dev/null @@ -1,90 +0,0 @@ ---- -hide: - - toc ---- - -# Security Overview - - - -## Helm-Chart - -##### Scan Results - -#### Chart Object: scrutiny/templates/common.yaml - - - -| Type | Misconfiguration ID | Check | Severity | Explaination | Links | -|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| -| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| -| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| -| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| -| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| -| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| -| Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| -| Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| -| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| -| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| -| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| -| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| -| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM |
Expand... HostPath volumes must be forbidden.


Deployment 'RELEASE-NAME-scrutiny' should not set 'spec.template.volumes.hostPath'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
| -| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.


Deployment 'RELEASE-NAME-scrutiny' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| - -## Containers - -##### Detected Containers - - tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 - tccr.io/truecharts/scrutiny:v2021.12.16 - -##### Scan Results - - -#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) - - -**alpine** - - -| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | -|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| -| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| -| curl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| curl | CVE-2022-27775 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| libcurl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| libcurl | CVE-2022-27775 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| -| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| -| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://ubuntu.com/security/notices/USN-5359-2
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| - - -#### Container: usr/local/bin/scrutiny - - -**gobinary** - - -| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | -|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| -| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.3 | 0.3.7 |
Expand...https://go.dev/cl/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113
| - -**gobinary** - - -| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | -|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| -| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.3 | 0.3.7 |
Expand...https://go.dev/cl/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113
| - -**gobinary** - - -| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | -|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| -| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.3 | 0.3.7 |
Expand...https://go.dev/cl/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113
| diff --git a/stable/scrutiny/2.0.4/CHANGELOG.md b/stable/scrutiny/2.0.5/CHANGELOG.md similarity index 87% rename from stable/scrutiny/2.0.4/CHANGELOG.md rename to stable/scrutiny/2.0.5/CHANGELOG.md index a4f0bd8fbd3..72e28397263 100644 --- a/stable/scrutiny/2.0.4/CHANGELOG.md +++ b/stable/scrutiny/2.0.5/CHANGELOG.md @@ -1,6 +1,19 @@ # Changelog
+ +### [scrutiny-2.0.5](https://github.com/truecharts/apps/compare/scrutiny-2.0.4...scrutiny-2.0.5) (2022-06-16) + +#### Chore + +* update image ref ([#2915](https://github.com/truecharts/apps/issues/2915)) + +#### Fix + +* BREAKING CHANGE: Use official image due to LSIO deprecation ([#2888](https://github.com/truecharts/apps/issues/2888)) + + + ### [scrutiny-2.0.4](https://github.com/truecharts/apps/compare/scrutiny-2.0.3...scrutiny-2.0.4) (2022-06-14) @@ -84,16 +97,3 @@ #### Chore * update helm general non-major helm releases ([#2759](https://github.com/truecharts/apps/issues/2759)) - - - - -### [scrutiny-1.0.17](https://github.com/truecharts/apps/compare/scrutiny-1.0.16...scrutiny-1.0.17) (2022-05-24) - -#### Chore - -* update helm general non-major helm releases - - - - diff --git a/stable/scrutiny/2.0.4/CONFIG.md b/stable/scrutiny/2.0.5/CONFIG.md similarity index 100% rename from stable/scrutiny/2.0.4/CONFIG.md rename to stable/scrutiny/2.0.5/CONFIG.md diff --git a/incubator/senseai-server/0.0.2/Chart.lock b/stable/scrutiny/2.0.5/Chart.lock similarity index 80% rename from incubator/senseai-server/0.0.2/Chart.lock rename to stable/scrutiny/2.0.5/Chart.lock index da91427c3ba..daab95e50ea 100644 --- a/incubator/senseai-server/0.0.2/Chart.lock +++ b/stable/scrutiny/2.0.5/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://library-charts.truecharts.org version: 10.0.10 digest: sha256:9f3c62e5207bf34631e3ba3f32ed1c823f1439d2d5ce6953f3ca1c6fb86fc4bc -generated: "2022-06-16T07:58:59.710820969Z" +generated: "2022-06-16T16:54:18.962916686Z" diff --git a/stable/scrutiny/2.0.4/Chart.yaml b/stable/scrutiny/2.0.5/Chart.yaml similarity index 95% rename from stable/scrutiny/2.0.4/Chart.yaml rename to stable/scrutiny/2.0.5/Chart.yaml index e03c09dba91..c80665be3ff 100644 --- a/stable/scrutiny/2.0.4/Chart.yaml +++ b/stable/scrutiny/2.0.5/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 kubeVersion: ">=1.16.0-0" name: scrutiny -version: 2.0.4 -appVersion: "2021.12.16" +version: 2.0.5 +appVersion: "0.4.12" description: Scrutiny WebUI for smartd S.M.A.R.T monitoring. Scrutiny is a Hard Drive Health Dashboard & Monitoring solution. type: application deprecated: false diff --git a/stable/scrutiny/2.0.4/README.md b/stable/scrutiny/2.0.5/README.md similarity index 100% rename from stable/scrutiny/2.0.4/README.md rename to stable/scrutiny/2.0.5/README.md diff --git a/stable/scrutiny/2.0.4/app-readme.md b/stable/scrutiny/2.0.5/app-readme.md similarity index 100% rename from stable/scrutiny/2.0.4/app-readme.md rename to stable/scrutiny/2.0.5/app-readme.md diff --git a/stable/scrutiny/2.0.4/charts/common-10.0.10.tgz b/stable/scrutiny/2.0.5/charts/common-10.0.10.tgz similarity index 100% rename from stable/scrutiny/2.0.4/charts/common-10.0.10.tgz rename to stable/scrutiny/2.0.5/charts/common-10.0.10.tgz diff --git a/stable/scrutiny/2.0.4/helm-values.md b/stable/scrutiny/2.0.5/helm-values.md similarity index 100% rename from stable/scrutiny/2.0.4/helm-values.md rename to stable/scrutiny/2.0.5/helm-values.md diff --git a/stable/scrutiny/2.0.4/ix_values.yaml b/stable/scrutiny/2.0.5/ix_values.yaml similarity index 57% rename from stable/scrutiny/2.0.4/ix_values.yaml rename to stable/scrutiny/2.0.5/ix_values.yaml index 576f10d0896..bfc0d9df8f6 100644 --- a/stable/scrutiny/2.0.4/ix_values.yaml +++ b/stable/scrutiny/2.0.5/ix_values.yaml @@ -1,22 +1,32 @@ image: repository: tccr.io/truecharts/scrutiny pullPolicy: IfNotPresent - tag: v2021.12.16 + tag: v0.4.12@sha256:dd341b58ec9bd2cf48113977174be36f2257eb6365cda01ce9a2a561afb4e732 securityContext: runAsNonRoot: false + readOnlyRootFilesystem: false privileged: true allowPrivilegeEscalation: true - readOnlyRootFilesystem: false + capabilities: + add: + - SYS_RAWIO # HDD's + - SYS_ADMIN # NVME's + +env: + COLLECTOR_CRON_SCHEDULE: "0 0 * * *" podSecurityContext: runAsUser: 0 runAsGroup: 0 -env: - SCRUTINY_WEB: true - SCRUTINY_COLLECTOR: true - SCRUTINY_API_ENDPOINT: "http://localhost:8080" +probes: + liveness: + path: "/api/health" + readiness: + path: "/api/health" + startup: + path: "/api/health" service: main: @@ -30,10 +40,10 @@ persistence: enabled: true config: enabled: true - mountPath: "/scrutiny/config" - data: + mountPath: "/opt/scrutiny/config" + influxdb: enabled: true - mountPath: "/config" + mountPath: "/opt/scrutiny/influxdb" udev: enabled: true type: hostPath diff --git a/stable/scrutiny/2.0.4/questions.yaml b/stable/scrutiny/2.0.5/questions.yaml similarity index 99% rename from stable/scrutiny/2.0.4/questions.yaml rename to stable/scrutiny/2.0.5/questions.yaml index 93bdeb3daf8..8a0621e7415 100644 --- a/stable/scrutiny/2.0.4/questions.yaml +++ b/stable/scrutiny/2.0.5/questions.yaml @@ -169,7 +169,6 @@ questions: label: "Value" schema: type: string - - variable: env group: "Container Configuration" label: "Image Environment" @@ -177,29 +176,13 @@ questions: additional_attrs: true type: dict attrs: - - variable: GIN_MODE - label: "GIN_MODE" + - variable: COLLECTOR_CRON_SCHEDULE + label: "COLLECTOR_CRON_SCHEDULE" + description: "COLLECTOR_CRON_SCHEDULE" schema: type: string - default: "release" - required: true - enum: - - value: "release" - description: "release" - - value: "debug" - description: "debug" - - variable: SCRUTINY_WEB - label: "SCRUTINY_WEB" - description: "SCRUTINY_WEB" - schema: - type: boolean - default: true - - variable: SCRUTINY_COLLECTOR - label: "SCRUTINY_COLLECTOR" - description: "SCRUTINY_COLLECTOR" - schema: - type: boolean - default: true + default: "0 0 * * *" + - variable: TZ label: "Timezone" group: "Container Configuration" @@ -904,9 +887,9 @@ questions: label: "Value" schema: type: string - - variable: data - label: "App data Storage" - description: "Stores the Application data." + - variable: influxdb + label: "App influxdb Storage" + description: "Stores the Application influxdb." schema: additional_attrs: true type: dict diff --git a/stable/scrutiny/2.0.5/security.md b/stable/scrutiny/2.0.5/security.md new file mode 100644 index 00000000000..6d260a864b8 --- /dev/null +++ b/stable/scrutiny/2.0.5/security.md @@ -0,0 +1,306 @@ +--- +hide: + - toc +--- + +# Security Overview + + + +## Helm-Chart + +##### Scan Results + +#### Chart Object: scrutiny/templates/common.yaml + + + +| Type | Misconfiguration ID | Check | Severity | Explaination | Links | +|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| +| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| +| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
| +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| +| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| +| Kubernetes Security Check | KSV005 | SYS_ADMIN capability added | HIGH |
Expand... SYS_ADMIN gives the processes running inside the container privileges that are equivalent to root.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should not include 'SYS_ADMIN' in 'securityContext.capabilities.add'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-add-index-sys-admin/
https://avd.aquasec.com/appshield/ksv005
| +| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| +| Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| +| Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv017
| +| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| +| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| +| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| +| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-scrutiny' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv021
| +| Kubernetes Security Check | KSV022 | Non-default capabilities added | MEDIUM |
Expand... Adding NET_RAW or capabilities beyond the default set must be disallowed.


Container 'RELEASE-NAME-scrutiny' of Deployment 'RELEASE-NAME-scrutiny' should not set 'securityContext.capabilities.add'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv022
| +| Kubernetes Security Check | KSV023 | hostPath volumes mounted | MEDIUM |
Expand... HostPath volumes must be forbidden.


Deployment 'RELEASE-NAME-scrutiny' should not set 'spec.template.volumes.hostPath'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/appshield/ksv023
| +| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW |
Expand... Containers should be forbidden from running with a root primary or supplementary GID.


Deployment 'RELEASE-NAME-scrutiny' should set 'spec.securityContext.runAsGroup', 'spec.securityContext.supplementalGroups[*]' and 'spec.securityContext.fsGroup' to integer greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv029
| + +## Containers + +##### Detected Containers + + tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 + tccr.io/truecharts/scrutiny:v0.4.12@sha256:dd341b58ec9bd2cf48113977174be36f2257eb6365cda01ce9a2a561afb4e732 + +##### Scan Results + + +#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2) + + +**alpine** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| +| curl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27775 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27775 | HIGH | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27774 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl | CVE-2022-27776 | MEDIUM | 7.80.0-r0 | 7.80.0-r1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| ssl_client | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 |
Expand...https://access.redhat.com/security/cve/CVE-2022-28391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391
https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch
https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
| +| zlib | CVE-2018-25032 | HIGH | 1.2.11-r3 | 1.2.12-r0 |
Expand...http://seclists.org/fulldisclosure/2022/May/33
http://seclists.org/fulldisclosure/2022/May/35
http://seclists.org/fulldisclosure/2022/May/38
http://www.openwall.com/lists/oss-security/2022/03/25/2
http://www.openwall.com/lists/oss-security/2022/03/26/1
https://access.redhat.com/security/cve/CVE-2018-25032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
https://errata.almalinux.org/8/ALSA-2022-2201.html
https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
https://github.com/madler/zlib/compare/v1.2.11...v1.2.12
https://github.com/madler/zlib/issues/605
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.4
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5
https://groups.google.com/g/ruby-security-ann/c/vX7qSjsvWis/m/TJWN4oOKBwAJ
https://linux.oracle.com/cve/CVE-2018-25032.html
https://linux.oracle.com/errata/ELSA-2022-2213.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html
https://lists.debian.org/debian-lts-announce/2022/05/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NS2D2GFPFGOJUL4WQ3DUAY7HF4VWQ77F/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOKNP2L734AEL47NRYGVZIKEFOUBQY5Y/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOKFMSNQ5D5WGMALBNBXU3GE442V74WU/
https://nvd.nist.gov/vuln/detail/CVE-2018-25032
https://security.netapp.com/advisory/ntap-20220526-0009/
https://support.apple.com/kb/HT213255
https://support.apple.com/kb/HT213256
https://support.apple.com/kb/HT213257
https://ubuntu.com/security/notices/USN-5355-1
https://ubuntu.com/security/notices/USN-5355-2
https://ubuntu.com/security/notices/USN-5359-1
https://ubuntu.com/security/notices/USN-5359-2
https://www.debian.org/security/2022/dsa-5111
https://www.openwall.com/lists/oss-security/2022/03/24/1
https://www.openwall.com/lists/oss-security/2022/03/28/1
https://www.openwall.com/lists/oss-security/2022/03/28/3
| + + +#### Container: tccr.io/truecharts/scrutiny:v0.4.12@sha256:dd341b58ec9bd2cf48113977174be36f2257eb6365cda01ce9a2a561afb4e732 (debian 11.3) + + +**debian** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| apt | CVE-2011-3374 | LOW | 2.2.4 | |
Expand...https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| +| bsdutils | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| +| coreutils | CVE-2016-2781 | LOW | 8.32-4 | |
Expand...http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://access.redhat.com/security/cve/CVE-2016-2781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
https://nvd.nist.gov/vuln/detail/CVE-2016-2781
| +| coreutils | CVE-2017-18018 | LOW | 8.32-4 | |
Expand...http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
https://access.redhat.com/security/cve/CVE-2017-18018
| +| curl | CVE-2021-22945 | CRITICAL | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22945
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| curl | CVE-2021-22946 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22946
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| curl | CVE-2022-22576 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27775 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27781 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27781
https://curl.se/docs/CVE-2022-27781.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://github.com/curl/curl/commit/f6c335d63f
https://hackerone.com/reports/1555441
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
https://security.netapp.com/advisory/ntap-20220609-0009/
https://ubuntu.com/security/notices/USN-5412-1
| +| curl | CVE-2022-27782 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27782
https://curl.se/docs/CVE-2022-27782.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://hackerone.com/reports/1555796
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
https://security.netapp.com/advisory/ntap-20220609-0009/
https://ubuntu.com/security/notices/USN-5412-1
| +| curl | CVE-2021-22947 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22947
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| curl | CVE-2022-27774 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2022-27776 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| curl | CVE-2021-22898 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://access.redhat.com/security/cve/CVE-2021-22898
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://errata.almalinux.org/8/ALSA-2021-4511.html
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://nvd.nist.gov/vuln/detail/CVE-2021-22898
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| +| curl | CVE-2021-22922 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-22922
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| curl | CVE-2021-22923 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-22923
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| curl | CVE-2021-22924 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-22924
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22924
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| e2fsprogs | CVE-2022-1304 | HIGH | 1.46.2-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
| +| exim4-base | CVE-2021-38371 | HIGH | 4.94.2-7 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371
https://nostarttls.secvuln.info
https://www.exim.org
https://www.exim.org/static/doc/security/CVE-2021-38371.txt
| +| exim4-config | CVE-2021-38371 | HIGH | 4.94.2-7 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371
https://nostarttls.secvuln.info
https://www.exim.org
https://www.exim.org/static/doc/security/CVE-2021-38371.txt
| +| exim4-daemon-light | CVE-2021-38371 | HIGH | 4.94.2-7 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38371
https://nostarttls.secvuln.info
https://www.exim.org
https://www.exim.org/static/doc/security/CVE-2021-38371.txt
| +| libapt-pkg6.0 | CVE-2011-3374 | LOW | 2.2.4 | |
Expand...https://access.redhat.com/security/cve/cve-2011-3374
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html
https://seclists.org/fulldisclosure/2011/Sep/221
https://security-tracker.debian.org/tracker/CVE-2011-3374
https://snyk.io/vuln/SNYK-LINUX-APT-116518
https://ubuntu.com/security/CVE-2011-3374
| +| libblkid1 | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| +| libc-bin | CVE-2021-3999 | HIGH | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json
https://access.redhat.com/security/cve/CVE-2021-3999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| +| libc-bin | CVE-2010-4756 | LOW | 2.31-13+deb11u3 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://access.redhat.com/security/cve/CVE-2010-4756
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
https://nvd.nist.gov/vuln/detail/CVE-2010-4756
| +| libc-bin | CVE-2018-20796 | LOW | 2.31-13+deb11u3 | |
Expand...http://www.securityfocus.com/bid/107160
https://access.redhat.com/security/cve/CVE-2018-20796
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-20796
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| +| libc-bin | CVE-2019-1010022 | LOW | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-1010022
https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| +| libc-bin | CVE-2019-1010023 | LOW | 2.31-13+deb11u3 | |
Expand...http://www.securityfocus.com/bid/109167
https://access.redhat.com/security/cve/CVE-2019-1010023
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| +| libc-bin | CVE-2019-1010024 | LOW | 2.31-13+deb11u3 | |
Expand...http://www.securityfocus.com/bid/109162
https://access.redhat.com/security/cve/CVE-2019-1010024
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| +| libc-bin | CVE-2019-1010025 | LOW | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-1010025
https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| +| libc-bin | CVE-2019-9192 | LOW | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-9192
https://nvd.nist.gov/vuln/detail/CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| +| libc6 | CVE-2021-3999 | HIGH | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3999.json
https://access.redhat.com/security/cve/CVE-2021-3999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3999
https://linux.oracle.com/cve/CVE-2021-3999.html
https://linux.oracle.com/errata/ELSA-2022-9234.html
https://ubuntu.com/security/notices/USN-5310-1
https://ubuntu.com/security/notices/USN-5310-2
https://www.openwall.com/lists/oss-security/2022/01/24/4
| +| libc6 | CVE-2010-4756 | LOW | 2.31-13+deb11u3 | |
Expand...http://cxib.net/stuff/glob-0day.c
http://securityreason.com/achievement_securityalert/89
http://securityreason.com/exploitalert/9223
https://access.redhat.com/security/cve/CVE-2010-4756
https://bugzilla.redhat.com/show_bug.cgi?id=681681
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4756
https://nvd.nist.gov/vuln/detail/CVE-2010-4756
| +| libc6 | CVE-2018-20796 | LOW | 2.31-13+deb11u3 | |
Expand...http://www.securityfocus.com/bid/107160
https://access.redhat.com/security/cve/CVE-2018-20796
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141
https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-20796
https://security.netapp.com/advisory/ntap-20190315-0002/
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| +| libc6 | CVE-2019-1010022 | LOW | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-1010022
https://security-tracker.debian.org/tracker/CVE-2019-1010022
https://sourceware.org/bugzilla/show_bug.cgi?id=22850
https://sourceware.org/bugzilla/show_bug.cgi?id=22850#c3
https://ubuntu.com/security/CVE-2019-1010022
| +| libc6 | CVE-2019-1010023 | LOW | 2.31-13+deb11u3 | |
Expand...http://www.securityfocus.com/bid/109167
https://access.redhat.com/security/cve/CVE-2019-1010023
https://security-tracker.debian.org/tracker/CVE-2019-1010023
https://sourceware.org/bugzilla/show_bug.cgi?id=22851
https://support.f5.com/csp/article/K11932200?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010023
| +| libc6 | CVE-2019-1010024 | LOW | 2.31-13+deb11u3 | |
Expand...http://www.securityfocus.com/bid/109162
https://access.redhat.com/security/cve/CVE-2019-1010024
https://security-tracker.debian.org/tracker/CVE-2019-1010024
https://sourceware.org/bugzilla/show_bug.cgi?id=22852
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010024
| +| libc6 | CVE-2019-1010025 | LOW | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-1010025
https://security-tracker.debian.org/tracker/CVE-2019-1010025
https://sourceware.org/bugzilla/show_bug.cgi?id=22853
https://support.f5.com/csp/article/K06046097
https://support.f5.com/csp/article/K06046097?utm_source=f5support&utm_medium=RSS
https://ubuntu.com/security/CVE-2019-1010025
| +| libc6 | CVE-2019-9192 | LOW | 2.31-13+deb11u3 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-9192
https://nvd.nist.gov/vuln/detail/CVE-2019-9192
https://sourceware.org/bugzilla/show_bug.cgi?id=24269
https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS
| +| libcom-err2 | CVE-2022-1304 | HIGH | 1.46.2-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
| +| libcurl4 | CVE-2021-22945 | CRITICAL | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22945
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22945.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22945
https://hackerone.com/reports/1269242
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22945
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libcurl4 | CVE-2021-22946 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22946
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22946.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22946
https://hackerone.com/reports/1334111
https://linux.oracle.com/cve/CVE-2021-22946.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22946
https://security.netapp.com/advisory/ntap-20211029-0003/
https://security.netapp.com/advisory/ntap-20220121-0008/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libcurl4 | CVE-2022-22576 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-22576
https://curl.se/docs/CVE-2022-22576.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576
https://hackerone.com/reports/1526328
https://nvd.nist.gov/vuln/detail/CVE-2022-22576
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl4 | CVE-2022-27775 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27775
https://curl.se/docs/CVE-2022-27775.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27775
https://hackerone.com/reports/1546268
https://nvd.nist.gov/vuln/detail/CVE-2022-27775
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl4 | CVE-2022-27781 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27781
https://curl.se/docs/CVE-2022-27781.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27781
https://github.com/curl/curl/commit/f6c335d63f
https://hackerone.com/reports/1555441
https://nvd.nist.gov/vuln/detail/CVE-2022-27781
https://security.netapp.com/advisory/ntap-20220609-0009/
https://ubuntu.com/security/notices/USN-5412-1
| +| libcurl4 | CVE-2022-27782 | HIGH | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27782
https://curl.se/docs/CVE-2022-27782.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27782
https://hackerone.com/reports/1555796
https://nvd.nist.gov/vuln/detail/CVE-2022-27782
https://security.netapp.com/advisory/ntap-20220609-0009/
https://ubuntu.com/security/notices/USN-5412-1
| +| libcurl4 | CVE-2021-22947 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...http://seclists.org/fulldisclosure/2022/Mar/29
https://access.redhat.com/security/cve/CVE-2021-22947
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22947.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22947
https://hackerone.com/reports/1334763
https://launchpad.net/bugs/1944120 (regression bug)
https://linux.oracle.com/cve/CVE-2021-22947.html
https://linux.oracle.com/errata/ELSA-2021-4059.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/
https://nvd.nist.gov/vuln/detail/CVE-2021-22947
https://security.netapp.com/advisory/ntap-20211029-0003/
https://support.apple.com/kb/HT213183
https://ubuntu.com/security/notices/USN-5079-1
https://ubuntu.com/security/notices/USN-5079-2
https://ubuntu.com/security/notices/USN-5079-3
https://ubuntu.com/security/notices/USN-5079-4
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libcurl4 | CVE-2022-27774 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27774
https://curl.se/docs/CVE-2022-27774.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27774
https://hackerone.com/reports/1543773
https://nvd.nist.gov/vuln/detail/CVE-2022-27774
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl4 | CVE-2022-27776 | MEDIUM | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27776
https://curl.se/docs/CVE-2022-27776.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27776
https://hackerone.com/reports/1547048
https://nvd.nist.gov/vuln/detail/CVE-2022-27776
https://security.netapp.com/advisory/ntap-20220609-0008/
https://ubuntu.com/security/notices/USN-5397-1
| +| libcurl4 | CVE-2021-22898 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...http://www.openwall.com/lists/oss-security/2021/07/21/4
https://access.redhat.com/security/cve/CVE-2021-22898
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22898.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22898
https://errata.almalinux.org/8/ALSA-2021-4511.html
https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde
https://hackerone.com/reports/1176461
https://linux.oracle.com/cve/CVE-2021-22898.html
https://linux.oracle.com/errata/ELSA-2021-4511.html
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POOC3UV7V6L4CJ5KA2PTWTNUV5Y72T3Q/
https://nvd.nist.gov/vuln/detail/CVE-2021-22898
https://ubuntu.com/security/notices/USN-5021-1
https://ubuntu.com/security/notices/USN-5021-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
| +| libcurl4 | CVE-2021-22922 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-22922
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22922.html
https://hackerone.com/reports/1213175
https://linux.oracle.com/cve/CVE-2021-22922.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22922
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libcurl4 | CVE-2021-22923 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-22923
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://curl.se/docs/CVE-2021-22923.html
https://hackerone.com/reports/1213181
https://linux.oracle.com/cve/CVE-2021-22923.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22923
https://security.netapp.com/advisory/ntap-20210902-0003/
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libcurl4 | CVE-2021-22924 | LOW | 7.74.0-1.3+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-22924
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf
https://curl.se/docs/CVE-2021-22924.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22924
https://hackerone.com/reports/1223565
https://linux.oracle.com/cve/CVE-2021-22924.html
https://linux.oracle.com/errata/ELSA-2021-3582.html
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E
https://lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/
https://nvd.nist.gov/vuln/detail/CVE-2021-22924
https://security.netapp.com/advisory/ntap-20210902-0003/
https://ubuntu.com/security/notices/USN-5021-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libdb5.3 | CVE-2019-8457 | CRITICAL | 5.3.28+dfsg1-0.8 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00074.html
https://access.redhat.com/security/cve/CVE-2019-8457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8457
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://linux.oracle.com/cve/CVE-2019-8457.html
https://linux.oracle.com/errata/ELSA-2020-1810.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OPKYSWCOM3CL66RI76TYVIG6TJ263RXH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SJPFGA45DI4F5MCF2OAACGH3HQOF4G3M/
https://security.netapp.com/advisory/ntap-20190606-0002/
https://ubuntu.com/security/notices/USN-4004-1
https://ubuntu.com/security/notices/USN-4004-2
https://ubuntu.com/security/notices/USN-4019-1
https://ubuntu.com/security/notices/USN-4019-2
https://usn.ubuntu.com/4004-1/
https://usn.ubuntu.com/4004-2/
https://usn.ubuntu.com/4019-1/
https://usn.ubuntu.com/4019-2/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.sqlite.org/releaselog/3_28_0.html
https://www.sqlite.org/src/info/90acdbfce9c08858
| +| libexpat1 | CVE-2013-0340 | LOW | 2.2.10-2+deb11u3 | |
Expand...http://openwall.com/lists/oss-security/2013/02/22/3
http://seclists.org/fulldisclosure/2021/Oct/61
http://seclists.org/fulldisclosure/2021/Oct/62
http://seclists.org/fulldisclosure/2021/Oct/63
http://seclists.org/fulldisclosure/2021/Sep/33
http://seclists.org/fulldisclosure/2021/Sep/34
http://seclists.org/fulldisclosure/2021/Sep/35
http://seclists.org/fulldisclosure/2021/Sep/38
http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/40
http://securitytracker.com/id?1028213
http://www.openwall.com/lists/oss-security/2013/04/12/6
http://www.openwall.com/lists/oss-security/2021/10/07/4
http://www.osvdb.org/90634
http://www.securityfocus.com/bid/58233
https://access.redhat.com/security/cve/CVE-2013-0340
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702@%3Cusers.openoffice.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2013-0340
https://security.gentoo.org/glsa/201701-21
https://support.apple.com/kb/HT212804
https://support.apple.com/kb/HT212805
https://support.apple.com/kb/HT212807
https://support.apple.com/kb/HT212814
https://support.apple.com/kb/HT212815
https://support.apple.com/kb/HT212819
| +| libext2fs2 | CVE-2022-1304 | HIGH | 1.46.2-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
| +| libfribidi0 | CVE-2022-25308 | HIGH | 1.0.8-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-25308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25308
https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1
https://github.com/fribidi/fribidi/issues/181
https://ubuntu.com/security/notices/USN-5366-1
https://ubuntu.com/security/notices/USN-5366-2
| +| libfribidi0 | CVE-2022-25309 | MEDIUM | 1.0.8-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-25309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25309
https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3
https://github.com/fribidi/fribidi/issues/182
https://ubuntu.com/security/notices/USN-5366-1
https://ubuntu.com/security/notices/USN-5366-2
| +| libfribidi0 | CVE-2022-25310 | MEDIUM | 1.0.8-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-25310
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25310
https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f
https://github.com/fribidi/fribidi/issues/183
https://ubuntu.com/security/notices/USN-5366-1
https://ubuntu.com/security/notices/USN-5366-2
| +| libgcrypt20 | CVE-2021-33560 | HIGH | 1.8.7-6 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33560.json
https://access.redhat.com/security/cve/CVE-2021-33560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33560
https://dev.gnupg.org/T5305
https://dev.gnupg.org/T5328
https://dev.gnupg.org/T5466
https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61
https://eprint.iacr.org/2021/923
https://errata.almalinux.org/8/ALSA-2021-4409.html
https://linux.oracle.com/cve/CVE-2021-33560.html
https://linux.oracle.com/errata/ELSA-2022-9263.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL/
https://nvd.nist.gov/vuln/detail/CVE-2021-33560
https://ubuntu.com/security/notices/USN-5080-1
https://ubuntu.com/security/notices/USN-5080-2
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libgcrypt20 | CVE-2018-6829 | LOW | 1.8.7-6 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-6829
https://github.com/weikengchen/attack-on-libgcrypt-elgamal
https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
https://www.oracle.com/security-alerts/cpujan2020.html
| +| libgnutls-dane0 | CVE-2021-4209 | MEDIUM | 3.7.1-5 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-4209
| +| libgnutls-dane0 | CVE-2011-3389 | LOW | 3.7.1-5 | |
Expand...http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132872385320240&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://osvdb.org/74829
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.debian.org/security/2012/dsa-2398
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.kb.cert.org/vuls/id/864643
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
http://www.securityfocus.com/bid/49388
http://www.securityfocus.com/bid/49778
http://www.securitytracker.com/id/1029190
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.ubuntu.com/usn/USN-1263-1
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
https://access.redhat.com/security/cve/CVE-2011-3389
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://linux.oracle.com/cve/CVE-2011-3389.html
https://linux.oracle.com/errata/ELSA-2011-1380.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
https://ubuntu.com/security/notices/USN-1263-1
| +| libgnutls30 | CVE-2021-4209 | MEDIUM | 3.7.1-5 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-4209
| +| libgnutls30 | CVE-2011-3389 | LOW | 3.7.1-5 | |
Expand...http://arcticdog.wordpress.com/2012/08/29/beast-openssl-and-apache/
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
http://blogs.technet.com/b/msrc/archive/2011/09/26/microsoft-releases-security-advisory-2588513.aspx
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
http://curl.haxx.se/docs/adv_20120124B.html
http://downloads.asterisk.org/pub/security/AST-2016-001.html
http://ekoparty.org/2011/juliano-rizzo.php
http://eprint.iacr.org/2004/111
http://eprint.iacr.org/2006/136
http://googlechromereleases.blogspot.com/2011/10/chrome-stable-release.html
http://isc.sans.edu/diary/SSL+TLS+part+3+/11635
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00051.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
http://marc.info/?l=bugtraq&m=132750579901589&w=2
http://marc.info/?l=bugtraq&m=132872385320240&w=2
http://marc.info/?l=bugtraq&m=133365109612558&w=2
http://marc.info/?l=bugtraq&m=133728004526190&w=2
http://marc.info/?l=bugtraq&m=134254866602253&w=2
http://marc.info/?l=bugtraq&m=134254957702612&w=2
http://my.opera.com/securitygroup/blog/2011/09/28/the-beast-ssl-tls-issue
http://osvdb.org/74829
http://rhn.redhat.com/errata/RHSA-2012-0508.html
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://secunia.com/advisories/45791
http://secunia.com/advisories/47998
http://secunia.com/advisories/48256
http://secunia.com/advisories/48692
http://secunia.com/advisories/48915
http://secunia.com/advisories/48948
http://secunia.com/advisories/49198
http://secunia.com/advisories/55322
http://secunia.com/advisories/55350
http://secunia.com/advisories/55351
http://security.gentoo.org/glsa/glsa-201203-02.xml
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://support.apple.com/kb/HT4999
http://support.apple.com/kb/HT5001
http://support.apple.com/kb/HT5130
http://support.apple.com/kb/HT5281
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT6150
http://technet.microsoft.com/security/advisory/2588513
http://vnhacker.blogspot.com/2011/09/beast.html
http://www.apcmedia.com/salestools/SJHN-7RKGNM/SJHN-7RKGNM_R4_EN.pdf
http://www.debian.org/security/2012/dsa-2398
http://www.educatedguesswork.org/2011/09/security_impact_of_the_rizzodu.html
http://www.ibm.com/developerworks/java/jdk/alerts/
http://www.imperialviolet.org/2011/09/23/chromeandbeast.html
http://www.insecure.cl/Beast-SSL.rar
http://www.kb.cert.org/vuls/id/864643
http://www.mandriva.com/security/advisories?name=MDVSA-2012:058
http://www.opera.com/docs/changelogs/mac/1151/
http://www.opera.com/docs/changelogs/mac/1160/
http://www.opera.com/docs/changelogs/unix/1151/
http://www.opera.com/docs/changelogs/unix/1160/
http://www.opera.com/docs/changelogs/windows/1151/
http://www.opera.com/docs/changelogs/windows/1160/
http://www.opera.com/support/kb/view/1004/
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
http://www.redhat.com/support/errata/RHSA-2011-1384.html
http://www.redhat.com/support/errata/RHSA-2012-0006.html
http://www.securityfocus.com/bid/49388
http://www.securityfocus.com/bid/49778
http://www.securitytracker.com/id/1029190
http://www.securitytracker.com/id?1025997
http://www.securitytracker.com/id?1026103
http://www.securitytracker.com/id?1026704
http://www.ubuntu.com/usn/USN-1263-1
http://www.us-cert.gov/cas/techalerts/TA12-010A.html
https://access.redhat.com/security/cve/CVE-2011-3389
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_fetchmail
https://bugzilla.novell.com/show_bug.cgi?id=719047
https://bugzilla.redhat.com/show_bug.cgi?id=737506
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-006
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
https://hermes.opensuse.org/messages/13154861
https://hermes.opensuse.org/messages/13155432
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://linux.oracle.com/cve/CVE-2011-3389.html
https://linux.oracle.com/errata/ELSA-2011-1380.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14752
https://ubuntu.com/security/notices/USN-1263-1
| +| libgssapi-krb5-2 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://access.redhat.com/security/cve/CVE-2004-0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| +| libgssapi-krb5-2 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| +| libk5crypto3 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://access.redhat.com/security/cve/CVE-2004-0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| +| libk5crypto3 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| +| libkrb5-3 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://access.redhat.com/security/cve/CVE-2004-0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| +| libkrb5-3 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| +| libkrb5support0 | CVE-2004-0971 | LOW | 1.18.3-6+deb11u1 | |
Expand...http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136304
http://www.gentoo.org/security/en/glsa/glsa-200410-24.xml
http://www.redhat.com/support/errata/RHSA-2005-012.html
http://www.securityfocus.com/bid/11289
http://www.trustix.org/errata/2004/0050
https://access.redhat.com/security/cve/CVE-2004-0971
https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10497
| +| libkrb5support0 | CVE-2018-5709 | LOW | 1.18.3-6+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| +| libldap-2.4-2 | CVE-2015-3276 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://rhn.redhat.com/errata/RHSA-2015-2131.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securitytracker.com/id/1034221
https://access.redhat.com/security/cve/CVE-2015-3276
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://linux.oracle.com/cve/CVE-2015-3276.html
https://linux.oracle.com/errata/ELSA-2015-2131.html
https://nvd.nist.gov/vuln/detail/CVE-2015-3276
| +| libldap-2.4-2 | CVE-2017-14159 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://www.openldap.org/its/index.cgi?findid=8703
https://access.redhat.com/security/cve/CVE-2017-14159
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libldap-2.4-2 | CVE-2017-17740 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
http://www.openldap.org/its/index.cgi/Incoming?id=8759
https://access.redhat.com/security/cve/CVE-2017-17740
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libldap-2.4-2 | CVE-2020-15719 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html
https://access.redhat.com/errata/RHBA-2019:3674
https://access.redhat.com/security/cve/CVE-2020-15719
https://bugs.openldap.org/show_bug.cgi?id=9266
https://bugzilla.redhat.com/show_bug.cgi?id=1740070
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libldap-common | CVE-2015-3276 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://rhn.redhat.com/errata/RHSA-2015-2131.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securitytracker.com/id/1034221
https://access.redhat.com/security/cve/CVE-2015-3276
https://bugzilla.redhat.com/show_bug.cgi?id=1238322
https://linux.oracle.com/cve/CVE-2015-3276.html
https://linux.oracle.com/errata/ELSA-2015-2131.html
https://nvd.nist.gov/vuln/detail/CVE-2015-3276
| +| libldap-common | CVE-2017-14159 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://www.openldap.org/its/index.cgi?findid=8703
https://access.redhat.com/security/cve/CVE-2017-14159
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libldap-common | CVE-2017-17740 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00053.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00058.html
http://www.openldap.org/its/index.cgi/Incoming?id=8759
https://access.redhat.com/security/cve/CVE-2017-17740
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libldap-common | CVE-2020-15719 | LOW | 2.4.57+dfsg-3+deb11u1 | |
Expand...http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00033.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00059.html
https://access.redhat.com/errata/RHBA-2019:3674
https://access.redhat.com/security/cve/CVE-2020-15719
https://bugs.openldap.org/show_bug.cgi?id=9266
https://bugzilla.redhat.com/show_bug.cgi?id=1740070
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libmariadb3 | CVE-2021-46669 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-46669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46669
https://jira.mariadb.org/browse/MDEV-25638
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRJCSPQHYPKTWXXZVDMY6JAHZJQ4TZ5X/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHEOTQ63YWC3PGHGDFGS7AZIEXCGOPWH/
https://mariadb.com/kb/en/security/
https://nvd.nist.gov/vuln/detail/CVE-2021-46669
https://security.netapp.com/advisory/ntap-20220221-0002/
| +| libmariadb3 | CVE-2022-27376 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27376
https://jira.mariadb.org/browse/MDEV-26354
https://nvd.nist.gov/vuln/detail/CVE-2022-27376
https://security.netapp.com/advisory/ntap-20220519-0007/
| +| libmariadb3 | CVE-2022-27377 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27377
https://jira.mariadb.org/browse/MDEV-26281
https://nvd.nist.gov/vuln/detail/CVE-2022-27377
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| libmariadb3 | CVE-2022-27378 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27378
https://jira.mariadb.org/browse/MDEV-26423
https://nvd.nist.gov/vuln/detail/CVE-2022-27378
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| libmariadb3 | CVE-2022-27379 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27379
https://jira.mariadb.org/browse/MDEV-26353
https://nvd.nist.gov/vuln/detail/CVE-2022-27379
https://security.netapp.com/advisory/ntap-20220526-0005/
| +| libmariadb3 | CVE-2022-27380 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27380
https://jira.mariadb.org/browse/MDEV-26280
https://nvd.nist.gov/vuln/detail/CVE-2022-27380
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| libmariadb3 | CVE-2022-27381 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27381
https://jira.mariadb.org/browse/MDEV-26061
https://nvd.nist.gov/vuln/detail/CVE-2022-27381
https://security.netapp.com/advisory/ntap-20220519-0006/
| +| libmariadb3 | CVE-2022-27382 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27382
https://jira.mariadb.org/browse/MDEV-26402
https://nvd.nist.gov/vuln/detail/CVE-2022-27382
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| libmariadb3 | CVE-2022-27383 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27383
https://jira.mariadb.org/browse/MDEV-26323
https://nvd.nist.gov/vuln/detail/CVE-2022-27383
https://security.netapp.com/advisory/ntap-20220519-0006/
| +| libmariadb3 | CVE-2022-27384 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27384
https://jira.mariadb.org/browse/MDEV-26047
https://nvd.nist.gov/vuln/detail/CVE-2022-27384
https://security.netapp.com/advisory/ntap-20220519-0006/
| +| libmariadb3 | CVE-2022-27385 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27385
https://jira.mariadb.org/browse/MDEV-26415
https://nvd.nist.gov/vuln/detail/CVE-2022-27385
https://security.netapp.com/advisory/ntap-20220526-0008/
| +| libmariadb3 | CVE-2022-27386 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27386
https://jira.mariadb.org/browse/MDEV-26406
https://nvd.nist.gov/vuln/detail/CVE-2022-27386
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| libmariadb3 | CVE-2022-27387 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27387
https://jira.mariadb.org/browse/MDEV-26422
https://nvd.nist.gov/vuln/detail/CVE-2022-27387
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| libmariadb3 | CVE-2022-27444 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27444
https://jira.mariadb.org/browse/MDEV-28080
https://nvd.nist.gov/vuln/detail/CVE-2022-27444
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27445 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27445
https://jira.mariadb.org/browse/MDEV-28081
https://nvd.nist.gov/vuln/detail/CVE-2022-27445
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27446 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27446
https://jira.mariadb.org/browse/MDEV-28082
https://nvd.nist.gov/vuln/detail/CVE-2022-27446
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27447 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27447
https://jira.mariadb.org/browse/MDEV-28099
https://nvd.nist.gov/vuln/detail/CVE-2022-27447
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27448 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27448
https://jira.mariadb.org/browse/MDEV-28095
https://nvd.nist.gov/vuln/detail/CVE-2022-27448
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27449 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27449
https://jira.mariadb.org/browse/MDEV-28089
https://nvd.nist.gov/vuln/detail/CVE-2022-27449
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27451 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27451
https://jira.mariadb.org/browse/MDEV-28094
https://nvd.nist.gov/vuln/detail/CVE-2022-27451
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27452 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27452
https://jira.mariadb.org/browse/MDEV-28090
https://nvd.nist.gov/vuln/detail/CVE-2022-27452
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| libmariadb3 | CVE-2022-27455 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27455
https://jira.mariadb.org/browse/MDEV-28097
https://nvd.nist.gov/vuln/detail/CVE-2022-27455
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| libmariadb3 | CVE-2022-27456 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27456
https://jira.mariadb.org/browse/MDEV-28093
https://nvd.nist.gov/vuln/detail/CVE-2022-27456
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| libmariadb3 | CVE-2022-27457 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27457
https://jira.mariadb.org/browse/MDEV-28098
https://nvd.nist.gov/vuln/detail/CVE-2022-27457
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| libmariadb3 | CVE-2022-27458 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27458
https://jira.mariadb.org/browse/MDEV-28099
https://nvd.nist.gov/vuln/detail/CVE-2022-27458
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| libmount1 | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| +| libncurses6 | CVE-2022-29458 | HIGH | 6.2+20201114-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| +| libncurses6 | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| +| libncursesw6 | CVE-2022-29458 | HIGH | 6.2+20201114-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| +| libncursesw6 | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| +| libpcre2-8-0 | CVE-2022-1586 | CRITICAL | 10.36-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1586
https://bugzilla.redhat.com/show_bug.cgi?id=2077976,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
| +| libpcre2-8-0 | CVE-2022-1587 | CRITICAL | 10.36-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1587
https://bugzilla.redhat.com/show_bug.cgi?id=2077983,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587
https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://nvd.nist.gov/vuln/detail/CVE-2022-1587
| +| libpcre3 | CVE-2017-11164 | LOW | 2:8.39-13 | |
Expand...http://openwall.com/lists/oss-security/2017/07/11/3
http://www.securityfocus.com/bid/99575
https://access.redhat.com/security/cve/CVE-2017-11164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| +| libpcre3 | CVE-2017-16231 | LOW | 2:8.39-13 | |
Expand...http://packetstormsecurity.com/files/150897/PCRE-8.41-Buffer-Overflow.html
http://seclists.org/fulldisclosure/2018/Dec/33
http://www.openwall.com/lists/oss-security/2017/11/01/11
http://www.openwall.com/lists/oss-security/2017/11/01/3
http://www.openwall.com/lists/oss-security/2017/11/01/7
http://www.openwall.com/lists/oss-security/2017/11/01/8
http://www.securityfocus.com/bid/101688
https://access.redhat.com/security/cve/CVE-2017-16231
https://bugs.exim.org/show_bug.cgi?id=2047
| +| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-13 | |
Expand...http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/security/cve/CVE-2017-7245
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
| +| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-13 | |
Expand...http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://access.redhat.com/security/cve/CVE-2017-7246
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
| +| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-13 | |
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://access.redhat.com/security/cve/CVE-2019-20838
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://errata.almalinux.org/8/ALSA-2021-4373.html
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-20838
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://ubuntu.com/security/notices/USN-5425-1
https://www.pcre.org/original/changelog.txt
| +| libpython3.9 | CVE-2015-20107 | CRITICAL | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2015-20107
https://bugs.python.org/issue24778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107
https://github.com/python/cpython/issues/68966
https://github.com/python/cpython/pull/91542/commits/340251550897cb98ae83ad1040750d6300112e80
https://github.com/python/cpython/pull/91993
https://mail.python.org/archives/list/security-announce@python.org/thread/QDSXNCW77UGULFG2JMDFZQ7H4DIR32LA/
https://nvd.nist.gov/vuln/detail/CVE-2015-20107
| +| libpython3.9 | CVE-2021-29921 | CRITICAL | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-29921
https://bugs.python.org/issue36384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
https://docs.python.org/3/library/ipaddress.html
https://errata.almalinux.org/8/ALSA-2021-4162.html
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
https://github.com/python/cpython/pull/12577
https://github.com/python/cpython/pull/25099
https://github.com/sickcodes
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
https://linux.oracle.com/cve/CVE-2021-29921.html
https://linux.oracle.com/errata/ELSA-2021-4162.html
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://security.netapp.com/advisory/ntap-20210622-0003/
https://sick.codes/sick-2021-014
https://ubuntu.com/security/notices/USN-4973-1
https://ubuntu.com/security/notices/USN-4973-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libpython3.9 | CVE-2021-3737 | HIGH | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3737
https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
https://errata.almalinux.org/8/ALSA-2022-1986.html
https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://linux.oracle.com/cve/CVE-2021-3737.html
https://linux.oracle.com/errata/ELSA-2022-1986.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3737
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://security.netapp.com/advisory/ntap-20220407-0009/
https://ubuntu.com/security/CVE-2021-3737
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/notices/USN-5199-1
https://ubuntu.com/security/notices/USN-5200-1
https://ubuntu.com/security/notices/USN-5201-1
| +| libpython3.9 | CVE-2022-0391 | HIGH | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0391
https://bugs.python.org/issue43882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391
https://errata.almalinux.org/8/ALSA-2022-1821.html
https://linux.oracle.com/cve/CVE-2022-0391.html
https://linux.oracle.com/errata/ELSA-2022-1821.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/
https://nvd.nist.gov/vuln/detail/CVE-2022-0391
https://security.netapp.com/advisory/ntap-20220225-0009/
https://ubuntu.com/security/notices/USN-5342-1
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libpython3.9 | CVE-2021-3426 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3426
https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://ubuntu.com/security/notices/USN-5342-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libpython3.9 | CVE-2021-3733 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3733
https://bugs.python.org/issue43075
https://bugzilla.redhat.com/show_bug.cgi?id=1995234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final
https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final
https://errata.almalinux.org/8/ALSA-2022-1821.html
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)
https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
https://github.com/python/cpython/pull/24391
https://linux.oracle.com/cve/CVE-2021-3733.html
https://linux.oracle.com/errata/ELSA-2022-1821.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3733
https://security.netapp.com/advisory/ntap-20220407-0001/
https://ubuntu.com/security/CVE-2021-3733
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/notices/USN-5199-1
https://ubuntu.com/security/notices/USN-5200-1
| +| libpython3.9 | CVE-2021-4189 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-4189
https://bugs.python.org/issue43285
https://bugzilla.redhat.com/show_bug.cgi?id=2036020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189
https://errata.almalinux.org/8/ALSA-2022-1986.html
https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
https://linux.oracle.com/cve/CVE-2021-4189.html
https://linux.oracle.com/errata/ELSA-2022-1986.html
https://ubuntu.com/security/notices/USN-5342-1
| +| libpython3.9 | CVE-2020-27619 | LOW | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2020-27619
https://bugs.python.org/issue41944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
https://errata.almalinux.org/8/ALSA-2021-4162.html
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
https://linux.oracle.com/cve/CVE-2020-27619.html
https://linux.oracle.com/errata/ELSA-2021-4151.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://nvd.nist.gov/vuln/detail/CVE-2020-27619
https://security.netapp.com/advisory/ntap-20201123-0004/
https://ubuntu.com/security/notices/USN-4754-1
https://ubuntu.com/security/notices/USN-4754-3
| +| libpython3.9-minimal | CVE-2015-20107 | CRITICAL | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2015-20107
https://bugs.python.org/issue24778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107
https://github.com/python/cpython/issues/68966
https://github.com/python/cpython/pull/91542/commits/340251550897cb98ae83ad1040750d6300112e80
https://github.com/python/cpython/pull/91993
https://mail.python.org/archives/list/security-announce@python.org/thread/QDSXNCW77UGULFG2JMDFZQ7H4DIR32LA/
https://nvd.nist.gov/vuln/detail/CVE-2015-20107
| +| libpython3.9-minimal | CVE-2021-29921 | CRITICAL | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-29921
https://bugs.python.org/issue36384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
https://docs.python.org/3/library/ipaddress.html
https://errata.almalinux.org/8/ALSA-2021-4162.html
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
https://github.com/python/cpython/pull/12577
https://github.com/python/cpython/pull/25099
https://github.com/sickcodes
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
https://linux.oracle.com/cve/CVE-2021-29921.html
https://linux.oracle.com/errata/ELSA-2021-4162.html
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://security.netapp.com/advisory/ntap-20210622-0003/
https://sick.codes/sick-2021-014
https://ubuntu.com/security/notices/USN-4973-1
https://ubuntu.com/security/notices/USN-4973-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libpython3.9-minimal | CVE-2021-3737 | HIGH | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3737
https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
https://errata.almalinux.org/8/ALSA-2022-1986.html
https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://linux.oracle.com/cve/CVE-2021-3737.html
https://linux.oracle.com/errata/ELSA-2022-1986.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3737
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://security.netapp.com/advisory/ntap-20220407-0009/
https://ubuntu.com/security/CVE-2021-3737
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/notices/USN-5199-1
https://ubuntu.com/security/notices/USN-5200-1
https://ubuntu.com/security/notices/USN-5201-1
| +| libpython3.9-minimal | CVE-2022-0391 | HIGH | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0391
https://bugs.python.org/issue43882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391
https://errata.almalinux.org/8/ALSA-2022-1821.html
https://linux.oracle.com/cve/CVE-2022-0391.html
https://linux.oracle.com/errata/ELSA-2022-1821.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/
https://nvd.nist.gov/vuln/detail/CVE-2022-0391
https://security.netapp.com/advisory/ntap-20220225-0009/
https://ubuntu.com/security/notices/USN-5342-1
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libpython3.9-minimal | CVE-2021-3426 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3426
https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://ubuntu.com/security/notices/USN-5342-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libpython3.9-minimal | CVE-2021-3733 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3733
https://bugs.python.org/issue43075
https://bugzilla.redhat.com/show_bug.cgi?id=1995234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final
https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final
https://errata.almalinux.org/8/ALSA-2022-1821.html
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)
https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
https://github.com/python/cpython/pull/24391
https://linux.oracle.com/cve/CVE-2021-3733.html
https://linux.oracle.com/errata/ELSA-2022-1821.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3733
https://security.netapp.com/advisory/ntap-20220407-0001/
https://ubuntu.com/security/CVE-2021-3733
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/notices/USN-5199-1
https://ubuntu.com/security/notices/USN-5200-1
| +| libpython3.9-minimal | CVE-2021-4189 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-4189
https://bugs.python.org/issue43285
https://bugzilla.redhat.com/show_bug.cgi?id=2036020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189
https://errata.almalinux.org/8/ALSA-2022-1986.html
https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
https://linux.oracle.com/cve/CVE-2021-4189.html
https://linux.oracle.com/errata/ELSA-2022-1986.html
https://ubuntu.com/security/notices/USN-5342-1
| +| libpython3.9-minimal | CVE-2020-27619 | LOW | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2020-27619
https://bugs.python.org/issue41944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
https://errata.almalinux.org/8/ALSA-2021-4162.html
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
https://linux.oracle.com/cve/CVE-2020-27619.html
https://linux.oracle.com/errata/ELSA-2021-4151.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://nvd.nist.gov/vuln/detail/CVE-2020-27619
https://security.netapp.com/advisory/ntap-20201123-0004/
https://ubuntu.com/security/notices/USN-4754-1
https://ubuntu.com/security/notices/USN-4754-3
| +| libpython3.9-stdlib | CVE-2015-20107 | CRITICAL | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2015-20107
https://bugs.python.org/issue24778
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20107
https://github.com/python/cpython/issues/68966
https://github.com/python/cpython/pull/91542/commits/340251550897cb98ae83ad1040750d6300112e80
https://github.com/python/cpython/pull/91993
https://mail.python.org/archives/list/security-announce@python.org/thread/QDSXNCW77UGULFG2JMDFZQ7H4DIR32LA/
https://nvd.nist.gov/vuln/detail/CVE-2015-20107
| +| libpython3.9-stdlib | CVE-2021-29921 | CRITICAL | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-29921
https://bugs.python.org/issue36384
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29921
https://docs.python.org/3/library/ipaddress.html
https://errata.almalinux.org/8/ALSA-2021-4162.html
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
https://github.com/python/cpython/pull/12577
https://github.com/python/cpython/pull/25099
https://github.com/sickcodes
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
https://linux.oracle.com/cve/CVE-2021-29921.html
https://linux.oracle.com/errata/ELSA-2021-4162.html
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
https://security.netapp.com/advisory/ntap-20210622-0003/
https://sick.codes/sick-2021-014
https://ubuntu.com/security/notices/USN-4973-1
https://ubuntu.com/security/notices/USN-4973-2
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libpython3.9-stdlib | CVE-2021-3737 | HIGH | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3737
https://bugs.python.org/issue44022
https://bugzilla.redhat.com/show_bug.cgi?id=1995162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3737
https://errata.almalinux.org/8/ALSA-2022-1986.html
https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
https://github.com/python/cpython/pull/25916
https://github.com/python/cpython/pull/26503
https://linux.oracle.com/cve/CVE-2021-3737.html
https://linux.oracle.com/errata/ELSA-2022-1986.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3737
https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html
https://security.netapp.com/advisory/ntap-20220407-0009/
https://ubuntu.com/security/CVE-2021-3737
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/notices/USN-5199-1
https://ubuntu.com/security/notices/USN-5200-1
https://ubuntu.com/security/notices/USN-5201-1
| +| libpython3.9-stdlib | CVE-2022-0391 | HIGH | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0391
https://bugs.python.org/issue43882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0391
https://errata.almalinux.org/8/ALSA-2022-1821.html
https://linux.oracle.com/cve/CVE-2022-0391.html
https://linux.oracle.com/errata/ELSA-2022-1821.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSD2YBXP3ZF44E44QMIIAR5VTO35KTRB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDBDBAU6HUPZHISBOARTXZ5GKHF2VH5U/
https://nvd.nist.gov/vuln/detail/CVE-2022-0391
https://security.netapp.com/advisory/ntap-20220225-0009/
https://ubuntu.com/security/notices/USN-5342-1
https://www.oracle.com/security-alerts/cpuapr2022.html
| +| libpython3.9-stdlib | CVE-2021-3426 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3426
https://bugzilla.redhat.com/show_bug.cgi?id=1935913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3426
https://github.com/python/cpython/pull/24285
https://github.com/python/cpython/pull/24337
https://linux.oracle.com/cve/CVE-2021-3426.html
https://linux.oracle.com/errata/ELSA-2021-9562.html
https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQYPUKLLBOZMKFPO7RD7CENTXHUUEUV7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LM5V4VPLBHBEASSAROYPSHXGXGGPHNOE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6VXJZSZ6N64AILJX4CTMACYGQGHHD5C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNGAFMPIYIVJ47FCF2NK2PIX22HUG35B/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPX7Y5GQDNB4FJTREWONGC4ZSVH7TGHF/
https://python-security.readthedocs.io/vuln/pydoc-getfile.html
https://security.gentoo.org/glsa/202104-04
https://security.netapp.com/advisory/ntap-20210629-0003/
https://ubuntu.com/security/notices/USN-5342-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| +| libpython3.9-stdlib | CVE-2021-3733 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-3733
https://bugs.python.org/issue43075
https://bugzilla.redhat.com/show_bug.cgi?id=1995234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3733
https://docs.python.org/3.6/whatsnew/changelog.html#python-3-6-14-final
https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-11-final
https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-10-final
https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-5-final
https://errata.almalinux.org/8/ALSA-2022-1821.html
https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14)
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb
https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master)
https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5)
https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11)
https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10)
https://github.com/python/cpython/pull/24391
https://linux.oracle.com/cve/CVE-2021-3733.html
https://linux.oracle.com/errata/ELSA-2022-1821.html
https://nvd.nist.gov/vuln/detail/CVE-2021-3733
https://security.netapp.com/advisory/ntap-20220407-0001/
https://ubuntu.com/security/CVE-2021-3733
https://ubuntu.com/security/notices/USN-5083-1
https://ubuntu.com/security/notices/USN-5199-1
https://ubuntu.com/security/notices/USN-5200-1
| +| libpython3.9-stdlib | CVE-2021-4189 | MEDIUM | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-4189
https://bugs.python.org/issue43285
https://bugzilla.redhat.com/show_bug.cgi?id=2036020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4189
https://errata.almalinux.org/8/ALSA-2022-1986.html
https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
https://linux.oracle.com/cve/CVE-2021-4189.html
https://linux.oracle.com/errata/ELSA-2022-1986.html
https://ubuntu.com/security/notices/USN-5342-1
| +| libpython3.9-stdlib | CVE-2020-27619 | LOW | 3.9.2-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2020-27619
https://bugs.python.org/issue41944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27619
https://errata.almalinux.org/8/ALSA-2021-4162.html
https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8
https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9
https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33
https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794
https://github.com/python/cpython/commit/e912e945f2960029d039d3390ea08835ad39374b
https://linux.oracle.com/cve/CVE-2020-27619.html
https://linux.oracle.com/errata/ELSA-2021-4151.html
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RSLQD5CCM75IZGAMBDGUZEATYU5YSGJ7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGIY6I4YS3WOXAK4SXKIEOC2G4VZKIR7/
https://nvd.nist.gov/vuln/detail/CVE-2020-27619
https://security.netapp.com/advisory/ntap-20201123-0004/
https://ubuntu.com/security/notices/USN-4754-1
https://ubuntu.com/security/notices/USN-4754-3
| +| libsepol1 | CVE-2021-36084 | LOW | 3.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36084
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://ubuntu.com/security/notices/USN-5391-1
| +| libsepol1 | CVE-2021-36085 | LOW | 3.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36085
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://ubuntu.com/security/notices/USN-5391-1
| +| libsepol1 | CVE-2021-36086 | LOW | 3.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36086
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36086
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
https://linux.oracle.com/cve/CVE-2021-36086.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://ubuntu.com/security/notices/USN-5391-1
| +| libsepol1 | CVE-2021-36087 | LOW | 3.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36087
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36087
https://errata.almalinux.org/8/ALSA-2021-4513.html
https://github.com/SELinuxProject/selinux/commit/340f0eb7f3673e8aacaf0a96cbfcd4d12a405521
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
https://linux.oracle.com/cve/CVE-2021-36087.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
https://lore.kernel.org/selinux/CAEN2sdqJKHvDzPnxS-J8grU8fSf32DDtx=kyh84OsCq_Vm+yaQ@mail.gmail.com/T/
https://ubuntu.com/security/notices/USN-5391-1
| +| libsmartcols1 | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| +| libsqlite3-0 | CVE-2021-45346 | MEDIUM | 3.34.1-3 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-45346
https://github.com/guyinatuxedo/sqlite3_record_leaking
https://security.netapp.com/advisory/ntap-20220303-0001/
https://sqlite.org/forum/forumpost/53de8864ba114bf6
| +| libsqlite3-0 | CVE-2021-36690 | LOW | 3.34.1-3 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36690
https://nvd.nist.gov/vuln/detail/CVE-2021-36690
https://ubuntu.com/security/notices/USN-5403-1
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.sqlite.org/forum/forumpost/718c0a8d17
| +| libss2 | CVE-2022-1304 | HIGH | 1.46.2-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
| +| libssl1.1 | CVE-2007-6755 | LOW | 1.1.1n-0+deb11u2 | |
Expand...http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
http://www.securityfocus.com/bid/63657
https://access.redhat.com/security/cve/CVE-2007-6755
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
| +| libssl1.1 | CVE-2010-0928 | LOW | 1.1.1n-0+deb11u2 | |
Expand...http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/
http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
http://www.osvdb.org/62808
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
https://access.redhat.com/security/cve/CVE-2010-0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/56750
| +| libsystemd0 | CVE-2013-4392 | LOW | 247.3-7 | |
Expand...http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
http://www.openwall.com/lists/oss-security/2013/10/01/9
https://access.redhat.com/security/cve/CVE-2013-4392
https://bugzilla.redhat.com/show_bug.cgi?id=859060
| +| libsystemd0 | CVE-2020-13529 | LOW | 247.3-7 | |
Expand...http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://access.redhat.com/security/cve/CVE-2020-13529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| +| libtinfo6 | CVE-2022-29458 | HIGH | 6.2+20201114-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| +| libtinfo6 | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| +| libudev1 | CVE-2013-4392 | LOW | 247.3-7 | |
Expand...http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357
http://www.openwall.com/lists/oss-security/2013/10/01/9
https://access.redhat.com/security/cve/CVE-2013-4392
https://bugzilla.redhat.com/show_bug.cgi?id=859060
| +| libudev1 | CVE-2020-13529 | LOW | 247.3-7 | |
Expand...http://www.openwall.com/lists/oss-security/2021/08/04/2
http://www.openwall.com/lists/oss-security/2021/08/17/3
http://www.openwall.com/lists/oss-security/2021/09/07/3
https://access.redhat.com/security/cve/CVE-2020-13529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13529
https://linux.oracle.com/cve/CVE-2020-13529.html
https://linux.oracle.com/errata/ELSA-2021-4361.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/
https://security.gentoo.org/glsa/202107-48
https://security.netapp.com/advisory/ntap-20210625-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142
https://ubuntu.com/security/notices/USN-5013-1
https://ubuntu.com/security/notices/USN-5013-2
| +| libuuid1 | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| +| login | CVE-2007-5686 | LOW | 1:4.8.1-1 | |
Expand...http://secunia.com/advisories/27215
http://www.securityfocus.com/archive/1/482129/100/100/threaded
http://www.securityfocus.com/archive/1/482857/100/0/threaded
http://www.securityfocus.com/bid/26048
http://www.vupen.com/english/advisories/2007/3474
https://issues.rpath.com/browse/RPL-1825
| +| login | CVE-2013-4235 | LOW | 1:4.8.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| +| login | CVE-2019-19882 | LOW | 1:4.8.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-19882
https://bugs.archlinux.org/task/64836
https://bugs.gentoo.org/702252
https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
https://github.com/shadow-maint/shadow/pull/199
https://github.com/void-linux/void-packages/pull/17580
https://security.gentoo.org/glsa/202008-09
| +| logsave | CVE-2022-1304 | HIGH | 1.46.2-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1304
https://bugzilla.redhat.com/show_bug.cgi?id=2069726
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1304
https://marc.info/?l=linux-ext4&m=165056234501732&w=2
https://nvd.nist.gov/vuln/detail/CVE-2022-1304
https://ubuntu.com/security/notices/USN-5464-1
| +| mariadb-common | CVE-2021-46669 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-46669
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46669
https://jira.mariadb.org/browse/MDEV-25638
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRJCSPQHYPKTWXXZVDMY6JAHZJQ4TZ5X/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KHEOTQ63YWC3PGHGDFGS7AZIEXCGOPWH/
https://mariadb.com/kb/en/security/
https://nvd.nist.gov/vuln/detail/CVE-2021-46669
https://security.netapp.com/advisory/ntap-20220221-0002/
| +| mariadb-common | CVE-2022-27376 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27376
https://jira.mariadb.org/browse/MDEV-26354
https://nvd.nist.gov/vuln/detail/CVE-2022-27376
https://security.netapp.com/advisory/ntap-20220519-0007/
| +| mariadb-common | CVE-2022-27377 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27377
https://jira.mariadb.org/browse/MDEV-26281
https://nvd.nist.gov/vuln/detail/CVE-2022-27377
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| mariadb-common | CVE-2022-27378 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27378
https://jira.mariadb.org/browse/MDEV-26423
https://nvd.nist.gov/vuln/detail/CVE-2022-27378
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| mariadb-common | CVE-2022-27379 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27379
https://jira.mariadb.org/browse/MDEV-26353
https://nvd.nist.gov/vuln/detail/CVE-2022-27379
https://security.netapp.com/advisory/ntap-20220526-0005/
| +| mariadb-common | CVE-2022-27380 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27380
https://jira.mariadb.org/browse/MDEV-26280
https://nvd.nist.gov/vuln/detail/CVE-2022-27380
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| mariadb-common | CVE-2022-27381 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27381
https://jira.mariadb.org/browse/MDEV-26061
https://nvd.nist.gov/vuln/detail/CVE-2022-27381
https://security.netapp.com/advisory/ntap-20220519-0006/
| +| mariadb-common | CVE-2022-27382 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27382
https://jira.mariadb.org/browse/MDEV-26402
https://nvd.nist.gov/vuln/detail/CVE-2022-27382
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| mariadb-common | CVE-2022-27383 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27383
https://jira.mariadb.org/browse/MDEV-26323
https://nvd.nist.gov/vuln/detail/CVE-2022-27383
https://security.netapp.com/advisory/ntap-20220519-0006/
| +| mariadb-common | CVE-2022-27384 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27384
https://jira.mariadb.org/browse/MDEV-26047
https://nvd.nist.gov/vuln/detail/CVE-2022-27384
https://security.netapp.com/advisory/ntap-20220519-0006/
| +| mariadb-common | CVE-2022-27385 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27385
https://jira.mariadb.org/browse/MDEV-26415
https://nvd.nist.gov/vuln/detail/CVE-2022-27385
https://security.netapp.com/advisory/ntap-20220526-0008/
| +| mariadb-common | CVE-2022-27386 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27386
https://jira.mariadb.org/browse/MDEV-26406
https://nvd.nist.gov/vuln/detail/CVE-2022-27386
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| mariadb-common | CVE-2022-27387 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27387
https://jira.mariadb.org/browse/MDEV-26422
https://nvd.nist.gov/vuln/detail/CVE-2022-27387
https://security.netapp.com/advisory/ntap-20220526-0004/
| +| mariadb-common | CVE-2022-27444 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27444
https://jira.mariadb.org/browse/MDEV-28080
https://nvd.nist.gov/vuln/detail/CVE-2022-27444
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27445 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27445
https://jira.mariadb.org/browse/MDEV-28081
https://nvd.nist.gov/vuln/detail/CVE-2022-27445
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27446 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27446
https://jira.mariadb.org/browse/MDEV-28082
https://nvd.nist.gov/vuln/detail/CVE-2022-27446
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27447 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27447
https://jira.mariadb.org/browse/MDEV-28099
https://nvd.nist.gov/vuln/detail/CVE-2022-27447
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27448 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27448
https://jira.mariadb.org/browse/MDEV-28095
https://nvd.nist.gov/vuln/detail/CVE-2022-27448
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27449 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27449
https://jira.mariadb.org/browse/MDEV-28089
https://nvd.nist.gov/vuln/detail/CVE-2022-27449
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27451 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27451
https://jira.mariadb.org/browse/MDEV-28094
https://nvd.nist.gov/vuln/detail/CVE-2022-27451
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27452 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27452
https://jira.mariadb.org/browse/MDEV-28090
https://nvd.nist.gov/vuln/detail/CVE-2022-27452
https://security.netapp.com/advisory/ntap-20220526-0006/
| +| mariadb-common | CVE-2022-27455 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27455
https://jira.mariadb.org/browse/MDEV-28097
https://nvd.nist.gov/vuln/detail/CVE-2022-27455
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| mariadb-common | CVE-2022-27456 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27456
https://jira.mariadb.org/browse/MDEV-28093
https://nvd.nist.gov/vuln/detail/CVE-2022-27456
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| mariadb-common | CVE-2022-27457 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27457
https://jira.mariadb.org/browse/MDEV-28098
https://nvd.nist.gov/vuln/detail/CVE-2022-27457
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| mariadb-common | CVE-2022-27458 | HIGH | 1:10.5.15-0+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27458
https://jira.mariadb.org/browse/MDEV-28099
https://nvd.nist.gov/vuln/detail/CVE-2022-27458
https://security.netapp.com/advisory/ntap-20220526-0007/
| +| mount | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| +| ncurses-base | CVE-2022-29458 | HIGH | 6.2+20201114-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| +| ncurses-base | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| +| ncurses-bin | CVE-2022-29458 | HIGH | 6.2+20201114-2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| +| ncurses-bin | CVE-2021-39537 | LOW | 6.2+20201114-2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| +| openssl | CVE-2007-6755 | LOW | 1.1.1n-0+deb11u2 | |
Expand...http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
http://rump2007.cr.yp.to/15-shumow.pdf
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
http://www.securityfocus.com/bid/63657
https://access.redhat.com/security/cve/CVE-2007-6755
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
| +| openssl | CVE-2010-0928 | LOW | 1.1.1n-0+deb11u2 | |
Expand...http://rdist.root.org/2010/03/08/attacking-rsa-exponentiation-with-fault-injection/
http://www.eecs.umich.edu/%7Evaleria/research/publications/DATE10RSA.pdf
http://www.networkworld.com/news/2010/030410-rsa-security-attack.html
http://www.osvdb.org/62808
http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/
https://access.redhat.com/security/cve/CVE-2010-0928
https://exchange.xforce.ibmcloud.com/vulnerabilities/56750
| +| passwd | CVE-2007-5686 | LOW | 1:4.8.1-1 | |
Expand...http://secunia.com/advisories/27215
http://www.securityfocus.com/archive/1/482129/100/100/threaded
http://www.securityfocus.com/archive/1/482857/100/0/threaded
http://www.securityfocus.com/bid/26048
http://www.vupen.com/english/advisories/2007/3474
https://issues.rpath.com/browse/RPL-1825
| +| passwd | CVE-2013-4235 | LOW | 1:4.8.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| +| passwd | CVE-2019-19882 | LOW | 1:4.8.1-1 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-19882
https://bugs.archlinux.org/task/64836
https://bugs.gentoo.org/702252
https://github.com/shadow-maint/shadow/commit/edf7547ad5aa650be868cf2dac58944773c12d75
https://github.com/shadow-maint/shadow/pull/199
https://github.com/void-linux/void-packages/pull/17580
https://security.gentoo.org/glsa/202008-09
| +| perl-base | CVE-2020-16156 | HIGH | 5.32.1-4+deb11u2 | |
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
| +| perl-base | CVE-2011-4116 | LOW | 5.32.1-4+deb11u2 | |
Expand...http://www.openwall.com/lists/oss-security/2011/11/04/2
http://www.openwall.com/lists/oss-security/2011/11/04/4
https://access.redhat.com/security/cve/CVE-2011-4116
https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14
https://rt.cpan.org/Public/Bug/Display.html?id=69106
https://seclists.org/oss-sec/2011/q4/238
| +| tar | CVE-2005-2541 | LOW | 1.34+dfsg-1 | |
Expand...http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://access.redhat.com/security/cve/CVE-2005-2541
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
| +| util-linux | CVE-2022-0563 | LOW | 2.36.1-8+deb11u1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-0563
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
https://nvd.nist.gov/vuln/detail/CVE-2022-0563
https://security.netapp.com/advisory/ntap-20220331-0002/
| + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |
Expand...https://go.dev/cl/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113
| + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |
Expand...https://go.dev/cl/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113
| + +**gobinary** + + +| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | +|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| +| golang.org/x/text | CVE-2021-38561 | UNKNOWN | v0.3.5 | 0.3.7 |
Expand...https://go.dev/cl/340830
https://go.googlesource.com/text/+/383b2e75a7a4198c42f8f87833eefb772868a56f
https://pkg.go.dev/vuln/GO-2021-0113
| + +**gobinary** + + +| No Vulnerabilities found | +|:---------------------------------| diff --git a/stable/scrutiny/2.0.4/templates/common.yaml b/stable/scrutiny/2.0.5/templates/common.yaml similarity index 100% rename from stable/scrutiny/2.0.4/templates/common.yaml rename to stable/scrutiny/2.0.5/templates/common.yaml diff --git a/stable/scrutiny/2.0.4/values.yaml b/stable/scrutiny/2.0.5/values.yaml similarity index 100% rename from stable/scrutiny/2.0.4/values.yaml rename to stable/scrutiny/2.0.5/values.yaml