--- hide: - toc --- # Security Overview ## Helm-Chart ##### Scan Results #### Chart Object: omada-controller/templates/common.yaml | Type | Misconfiguration ID | Check | Severity | Explaination | Links | |:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'RELEASE-NAME-omada-controller' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv001
| | Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM |
Expand... A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.allowPrivilegeEscalation' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv001
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-omada-controller' of Deployment 'RELEASE-NAME-omada-controller' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/misconfig/ksv003
| | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/misconfig/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-omada-controller' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv012
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-omada-controller' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/misconfig/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/misconfig/ksv014
| | Kubernetes Security Check | KSV017 | Privileged container | HIGH |
Expand... Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.privileged' to false
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
https://avd.aquasec.com/misconfig/ksv017
| | Kubernetes Security Check | KSV020 | Runs with low user ID | LOW |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-omada-controller' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | LOW |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv020
| | Kubernetes Security Check | KSV021 | Runs with low group ID | LOW |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-omada-controller' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv021
| | Kubernetes Security Check | KSV021 | Runs with low group ID | LOW |
Expand... Force the container to run with group ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-omada-controller' should set 'securityContext.runAsGroup' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/misconfig/ksv021
| | Kubernetes Security Check | KSV030 | Default Seccomp profile not set | LOW |
Expand... The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.


Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv030
| | Kubernetes Security Check | KSV030 | Default Seccomp profile not set | LOW |
Expand... The RuntimeDefault/Localhost seccomp profile must be required, or allow specific additional profiles.


Either Pod or Container should set 'securityContext.seccompProfile.type' to 'RuntimeDefault'
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv030
| | Kubernetes Security Check | KSV105 | Containers must not set runAsUser to 0 | LOW |
Expand... Containers should be forbidden from running with a root UID.


securityContext.runAsUser should be set to a value greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv105
| | Kubernetes Security Check | KSV105 | Containers must not set runAsUser to 0 | LOW |
Expand... Containers should be forbidden from running with a root UID.


securityContext.runAsUser should be set to a value greater than 0
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv105
| | Kubernetes Security Check | KSV106 | Container capabilities must only include NET_BIND_SERVICE | LOW |
Expand... Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.


container should drop all
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv106
| | Kubernetes Security Check | KSV106 | Container capabilities must only include NET_BIND_SERVICE | LOW |
Expand... Containers must drop ALL capabilities, and are only permitted to add back the NET_BIND_SERVICE capability.


container should drop all
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/misconfig/ksv106
| ## Containers ##### Detected Containers tccr.io/truecharts/alpine:v3.16.0@sha256:16dc15f3d61a1e30b1df9f839e53636847b6097286b2b74c637b25fd8264f730 tccr.io/truecharts/omada-controller:v5.3@sha256:020b3a9b64d9779ffbbe50d49adc75bb371c311ed18beb565b374b596bc9b09f ##### Scan Results #### Container: tccr.io/truecharts/alpine:v3.16.0@sha256:16dc15f3d61a1e30b1df9f839e53636847b6097286b2b74c637b25fd8264f730 (alpine 3.16.0) **alpine** | No Vulnerabilities found | |:---------------------------------| #### Container: tccr.io/truecharts/omada-controller:v5.3@sha256:020b3a9b64d9779ffbbe50d49adc75bb371c311ed18beb565b374b596bc9b09f (ubuntu 20.04) **ubuntu** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | coreutils | CVE-2016-2781 | LOW | 8.30-3ubuntu2 | |
Expand...http://seclists.org/oss-sec/2016/q1/452
http://www.openwall.com/lists/oss-security/2016/02/28/2
http://www.openwall.com/lists/oss-security/2016/02/28/3
https://access.redhat.com/security/cve/CVE-2016-2781
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2781
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lore.kernel.org/patchwork/patch/793178/
https://nvd.nist.gov/vuln/detail/CVE-2016-2781
| | libc-bin | CVE-2016-20013 | LOW | 2.31-0ubuntu9.9 | |
Expand...https://akkadia.org/drepper/SHA-crypt.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20013
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
https://twitter.com/solardiz/status/795601240151457793
| | libc6 | CVE-2016-20013 | LOW | 2.31-0ubuntu9.9 | |
Expand...https://akkadia.org/drepper/SHA-crypt.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-20013
https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/
https://twitter.com/solardiz/status/795601240151457793
| | libfreetype6 | CVE-2022-27404 | MEDIUM | 2.10.1-2ubuntu0.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-27404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27404
https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27404
| | libfreetype6 | CVE-2022-27405 | LOW | 2.10.1-2ubuntu0.1 | |
Expand...http://freetype.com
https://access.redhat.com/security/cve/CVE-2022-27405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27405
https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27405
| | libfreetype6 | CVE-2022-27406 | LOW | 2.10.1-2ubuntu0.1 | |
Expand...http://freetype.com
https://access.redhat.com/security/cve/CVE-2022-27406
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27406
https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2
https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EFPNRKDLCXHZVYYQLQMP44UHLU32GA6Z/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FDU2FOEMCEF6WVR6ZBIH5MT5O7FAK6UP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IWQ7IB2A75MEHM63WEUXBYEC7OR5SGDY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYVC2NPKKXKP3TWJWG4ONYWNO6ZPHLA5/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TCEMWCM46PKM4U5ENRASPKQD6JDOLKRU/
https://nvd.nist.gov/vuln/detail/CVE-2022-27406
https://ubuntu.com/security/notices/USN-5453-1
| | libgmp10 | CVE-2021-43618 | LOW | 2:6.2.0+dfsg-4 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-43618
https://bugs.debian.org/994405
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43618
https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
https://nvd.nist.gov/vuln/detail/CVE-2021-43618
| | libgssapi-krb5-2 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libgssapi-krb5-2 | CVE-2021-37750 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json
https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
| | libjpeg-turbo8 | CVE-2021-46822 | MEDIUM | 2.0.3-0ubuntu1.20.04.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-46822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46822
https://exchange.xforce.ibmcloud.com/vulnerabilities/221567
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2
| | libjpeg-turbo8 | CVE-2020-17541 | LOW | 2.0.3-0ubuntu1.20.04.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2020-17541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17541
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
https://linux.oracle.com/cve/CVE-2020-17541.html
https://linux.oracle.com/errata/ELSA-2021-4288.html
https://nvd.nist.gov/vuln/detail/CVE-2020-17541
| | libk5crypto3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libk5crypto3 | CVE-2021-37750 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json
https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
| | libkrb5-3 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libkrb5-3 | CVE-2021-37750 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json
https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
| | libkrb5support0 | CVE-2021-36222 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-36222
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222
https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-36222.html
https://linux.oracle.com/errata/ELSA-2021-3576.html
https://nvd.nist.gov/vuln/detail/CVE-2021-36222
https://security.netapp.com/advisory/ntap-20211022-0003/
https://security.netapp.com/advisory/ntap-20211104-0007/
https://web.mit.edu/kerberos/advisories/
https://www.debian.org/security/2021/dsa-4944
https://www.oracle.com/security-alerts/cpuoct2021.html
| | libkrb5support0 | CVE-2021-37750 | MEDIUM | 1.17-6ubuntu4.1 | |
Expand...https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json
https://access.redhat.com/security/cve/CVE-2021-37750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750
https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
https://github.com/krb5/krb5/releases
https://linux.oracle.com/cve/CVE-2021-37750.html
https://linux.oracle.com/errata/ELSA-2021-4788.html
https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
https://nvd.nist.gov/vuln/detail/CVE-2021-37750
https://security.netapp.com/advisory/ntap-20210923-0002/
https://web.mit.edu/kerberos/advisories/
| | libncurses6 | CVE-2021-39537 | LOW | 6.2-0ubuntu2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | libncurses6 | CVE-2022-29458 | LOW | 6.2-0ubuntu2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| | libncursesw6 | CVE-2021-39537 | LOW | 6.2-0ubuntu2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | libncursesw6 | CVE-2022-29458 | LOW | 6.2-0ubuntu2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| | libnss3 | CVE-2022-22747 | LOW | 2:3.49.1-1ubuntu1.7 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-22747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747
https://linux.oracle.com/cve/CVE-2022-22747.html
https://linux.oracle.com/errata/ELSA-2022-0130.html
https://ubuntu.com/security/notices/USN-5229-1
https://ubuntu.com/security/notices/USN-5246-1
https://ubuntu.com/security/notices/USN-5248-1
https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22747
| | libpcre2-8-0 | CVE-2022-1586 | LOW | 10.34-7 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1586
https://bugzilla.redhat.com/show_bug.cgi?id=2077976,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1586
https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,
https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://nvd.nist.gov/vuln/detail/CVE-2022-1586
| | libpcre2-8-0 | CVE-2022-1587 | LOW | 10.34-7 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-1587
https://bugzilla.redhat.com/show_bug.cgi?id=2077983,
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1587
https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
https://nvd.nist.gov/vuln/detail/CVE-2022-1587
| | libpcre3 | CVE-2017-11164 | LOW | 2:8.39-12ubuntu0.1 | |
Expand...http://openwall.com/lists/oss-security/2017/07/11/3
http://www.securityfocus.com/bid/99575
https://access.redhat.com/security/cve/CVE-2017-11164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libpcrecpp0v5 | CVE-2017-11164 | LOW | 2:8.39-12ubuntu0.1 | |
Expand...http://openwall.com/lists/oss-security/2017/07/11/3
http://www.securityfocus.com/bid/99575
https://access.redhat.com/security/cve/CVE-2017-11164
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
| | libsqlite3-0 | CVE-2020-9794 | MEDIUM | 3.31.1-4ubuntu0.3 | |
Expand...https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9794
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/HT211168
https://support.apple.com/HT211170
https://support.apple.com/HT211171
https://support.apple.com/HT211175
https://support.apple.com/HT211178
https://support.apple.com/HT211179
https://support.apple.com/HT211181
https://vuldb.com/?id.155768
| | libsqlite3-0 | CVE-2020-9849 | LOW | 3.31.1-4ubuntu0.3 | |
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/en-us/HT211843
https://support.apple.com/en-us/HT211844
https://support.apple.com/en-us/HT211850
https://support.apple.com/en-us/HT211931
https://support.apple.com/en-us/HT211935
https://support.apple.com/en-us/HT211952
https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9849/
| | libsqlite3-0 | CVE-2020-9991 | LOW | 3.31.1-4ubuntu0.3 | |
Expand...http://seclists.org/fulldisclosure/2020/Dec/32
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/en-us/HT211843
https://support.apple.com/en-us/HT211844
https://support.apple.com/en-us/HT211847
https://support.apple.com/en-us/HT211850
https://support.apple.com/en-us/HT211931
https://support.apple.com/kb/HT211846
https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/
| | libssl1.1 | CVE-2022-2068 | MEDIUM | 1.1.1f-1ubuntu2.13 | 1.1.1f-1ubuntu2.15 |
Expand...https://access.redhat.com/security/cve/CVE-2022-2068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
https://ubuntu.com/security/notices/USN-5488-1
https://www.openssl.org/news/secadv/20220621.txt
| | libtinfo6 | CVE-2021-39537 | LOW | 6.2-0ubuntu2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | libtinfo6 | CVE-2022-29458 | LOW | 6.2-0ubuntu2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| | libyaml-cpp0.6 | CVE-2017-11692 | LOW | 0.6.2-4ubuntu1 | |
Expand...https://access.redhat.com/security/cve/CVE-2017-11692
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11692
https://github.com/jbeder/yaml-cpp/issues/519
https://security.gentoo.org/glsa/202007-14
| | libyaml-cpp0.6 | CVE-2017-5950 | LOW | 0.6.2-4ubuntu1 | |
Expand...http://www.securityfocus.com/bid/97307
https://access.redhat.com/security/cve/CVE-2017-5950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5950
https://github.com/jbeder/yaml-cpp/issues/459
| | libyaml-cpp0.6 | CVE-2018-20573 | LOW | 0.6.2-4ubuntu1 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-20573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20573
https://github.com/jbeder/yaml-cpp/issues/655
https://nvd.nist.gov/vuln/detail/CVE-2018-20573
| | libyaml-cpp0.6 | CVE-2018-20574 | LOW | 0.6.2-4ubuntu1 | |
Expand...https://access.redhat.com/security/cve/CVE-2018-20574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20574
https://github.com/jbeder/yaml-cpp/issues/654
https://nvd.nist.gov/vuln/detail/CVE-2018-20574
| | libyaml-cpp0.6 | CVE-2019-6285 | LOW | 0.6.2-4ubuntu1 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-6285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6285
https://github.com/jbeder/yaml-cpp/issues/660
https://nvd.nist.gov/vuln/detail/CVE-2019-6285
| | libyaml-cpp0.6 | CVE-2019-6292 | LOW | 0.6.2-4ubuntu1 | |
Expand...https://access.redhat.com/security/cve/CVE-2019-6292
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6292
https://github.com/jbeder/yaml-cpp/issues/657
https://nvd.nist.gov/vuln/detail/CVE-2019-6292
| | login | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04.2 | |
Expand...https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | mongodb-server-core | CVE-2021-32036 | MEDIUM | 1:3.6.9+really3.6.8+90~g8e540c0b6d-0ubuntu5.3 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-32036
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32036
https://jira.mongodb.org/browse/SERVER-59294
| | ncurses-base | CVE-2021-39537 | LOW | 6.2-0ubuntu2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | ncurses-base | CVE-2022-29458 | LOW | 6.2-0ubuntu2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| | ncurses-bin | CVE-2021-39537 | LOW | 6.2-0ubuntu2 | |
Expand...http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
https://access.redhat.com/security/cve/CVE-2021-39537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39537
https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html
https://lists.gnu.org/archive/html/bug-ncurses/2021-10/msg00023.html
https://nvd.nist.gov/vuln/detail/CVE-2021-39537
https://ubuntu.com/security/notices/USN-5477-1
| | ncurses-bin | CVE-2022-29458 | LOW | 6.2-0ubuntu2 | |
Expand...https://access.redhat.com/security/cve/CVE-2022-29458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29458
https://invisible-island.net/ncurses/NEWS.html#t20220416
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2022-29458
https://ubuntu.com/security/notices/USN-5477-1
| | openssl | CVE-2022-2068 | MEDIUM | 1.1.1f-1ubuntu2.13 | 1.1.1f-1ubuntu2.15 |
Expand...https://access.redhat.com/security/cve/CVE-2022-2068
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
https://ubuntu.com/security/notices/USN-5488-1
https://www.openssl.org/news/secadv/20220621.txt
| | passwd | CVE-2013-4235 | LOW | 1:4.8.1-1ubuntu5.20.04.2 | |
Expand...https://access.redhat.com/security/cve/CVE-2013-4235
https://access.redhat.com/security/cve/cve-2013-4235
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4235
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2013-4235
| | perl-base | CVE-2020-16156 | MEDIUM | 5.30.0-9ubuntu0.2 | |
Expand...http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
https://access.redhat.com/security/cve/CVE-2020-16156
https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16156
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
https://metacpan.org/pod/distribution/CPAN/scripts/cpan
| | wget | CVE-2021-31879 | MEDIUM | 1.20.3-1ubuntu2 | |
Expand...https://access.redhat.com/security/cve/CVE-2021-31879
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31879
https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2021-31879
https://savannah.gnu.org/bugs/?56909
https://security.netapp.com/advisory/ntap-20210618-0002/
| | x11-common | CVE-2012-1093 | LOW | 1:7.7+19ubuntu14 | |
Expand...http://vladz.devzero.fr/012_x11-common-vuln.html
http://www.openwall.com/lists/oss-security/2012/02/29/1
http://www.openwall.com/lists/oss-security/2012/03/01/1
https://access.redhat.com/security/cve/cve-2012-1093
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1093
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://security-tracker.debian.org/tracker/CVE-2012-1093
| **jar** | Package | Vulnerability | Severity | Installed Version | Fixed Version | Links | |:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------| | com.google.guava:guava | CVE-2020-8908 | LOW | 29.0-jre | 30.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-8908
https://github.com/advisories/GHSA-5mg8-w23w-74h3
https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
https://github.com/google/guava/issues/4011
https://lists.apache.org/thread.html/r007add131977f4f576c232b25e024249a3d16f66aad14a4b52819d21@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r037fed1d0ebde50c9caf8d99815db3093c344c3f651c5a49a09824ce@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r07ed3e4417ad043a27bee7bb33322e9bfc7d7e6d1719b8e3dfd95c14@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r161b87f8037bbaff400194a63cd2016c9a69f5949f06dcc79beeab54@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r294be9d31c0312d2c0837087204b5d4bf49d0552890e6eec716fa6a6@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2fe45d96eea8434b91592ca08109118f6308d60f6d0e21d52438cfb4@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328cf072b601b58d4e748@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r3dd8881de891598d622227e9840dd7c2ef1d08abbb49e9690c7ae1bc@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r49549a8322f62cd3acfa4490d25bfba0be04f3f9ff4d14fe36199d27@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r58a8775205ab1839dba43054b09a9ab3b25b423a4170b2413c4067ac@%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r5b3d93dfdfb7708e796e8762ab40edbde8ff8add48aba53e5ea26f44@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/r5d61b98ceb7bba939a651de5900dbd67be3817db6bfcc41c6e04e199@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r6874dfe26eefc41b7c9a5e4a0487846fc4accf8c78ff948b24a1104a@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
https://lists.apache.org/thread.html/r79e47ed555bdb1180e528420a7a2bb898541367a29a3bc6bbf0baf2c@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r7b0e81d8367264d6cad98766a469d64d11248eb654417809bfdacf09@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra7ab308481ee729f998691e8e3e02e93b1dedfc98f6b1cd3d86923b3@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rb2364f4cf4d274eab5a7ecfaf64bf575cedf8b0173551997c749d322@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rc607bc52f3507b8b9c28c6a747c3122f51ac24afe80af2a670785b97@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rcafc3a637d82bdc9a24036b2ddcad1e519dd0e6f848fcc3d606fd78f@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce6378da2e4aa29c6bcb95@%3Cgithub.arrow.apache.org%3E
https://lists.apache.org/thread.html/rd2704306ec729ccac726e50339b8a8f079515cc29ccb77713b16e7c5@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
https://lists.apache.org/thread.html/rd7e12d56d49d73e2b8549694974b07561b79b05455f7f781954231bf@%3Cdev.pig.apache.org%3E
https://lists.apache.org/thread.html/re120f6b3d2f8222121080342c5801fdafca2f5188ceeb3b49c8a1d27@%3Cyarn-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/reebbd63c25bc1a946caa419cec2be78079f8449d1af48e52d47c9e85@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rf00b688ffa620c990597f829ff85fdbba8bf73ee7bfb34783e1f0d4e@%3Cyarn-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/rf9f0fa84b8ae1a285f0210bafec6de2a9eba083007d04640b82aa625@%3Cissues.geode.apache.org%3E
https://lists.apache.org/thread.html/rfc27e2727a20a574f39273e0432aa97486a332f9b3068f6ac1346594@%3Cdev.myfaces.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
https://security.netapp.com/advisory/ntap-20220210-0003/
https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | com.google.protobuf:protobuf-java | CVE-2021-22569 | MEDIUM | 3.11.0 | 3.16.1, 3.18.2, 3.19.2 |
Expand...http://www.openwall.com/lists/oss-security/2022/01/12/4
http://www.openwall.com/lists/oss-security/2022/01/12/7
https://access.redhat.com/security/cve/CVE-2021-22569
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330
https://cloud.google.com/support/bulletins#gcp-2022-001
https://github.com/advisories/GHSA-wrvw-hg22-4m67
https://github.com/protocolbuffers/protobuf/commit/b3093dce58bc9d3042f085666d83c8ef1f51fe7b
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
https://nvd.nist.gov/vuln/detail/CVE-2021-22569
https://www.oracle.com/security-alerts/cpuapr2022.html
| | com.google.protobuf:protobuf-java | GHSA-wrvw-hg22-4m67 | UNKNOWN | 3.11.0 | 3.16.1, 3.18.2, 3.19.2 |
Expand...https://github.com/advisories/GHSA-wrvw-hg22-4m67
https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-wrvw-hg22-4m67
| | commons-beanutils:commons-beanutils | CVE-2019-10086 | HIGH | 1.9.3 | 1.9.4 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html
http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e
https://access.redhat.com/errata/RHSA-2019:4317
https://access.redhat.com/errata/RHSA-2020:0057
https://access.redhat.com/errata/RHSA-2020:0194
https://access.redhat.com/errata/RHSA-2020:0804
https://access.redhat.com/errata/RHSA-2020:0805
https://access.redhat.com/errata/RHSA-2020:0806
https://access.redhat.com/errata/RHSA-2020:0811
https://access.redhat.com/security/cve/CVE-2019-10086
https://commons.apache.org/proper/commons-beanutils/javadocs/v1.9.4/RELEASE-NOTES.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
https://github.com/advisories/GHSA-6phf-73q6-gh87
https://github.com/apache/commons-beanutils/commit/dd48f4e589462a8cdb1f29bbbccb35d6b0291d58
https://github.com/apache/commons-beanutils/pull/7
https://issues.apache.org/jira/browse/BEANUTILS-520
https://linux.oracle.com/cve/CVE-2019-10086.html
https://linux.oracle.com/errata/ELSA-2020-0194.html
https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E
https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E
https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E
https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E
https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E
https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E
https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E
https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E
https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E
https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E
https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
https://nvd.nist.gov/vuln/detail/CVE-2019-10086
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | commons-fileupload:commons-fileupload | CVE-2016-1000031 | CRITICAL | 1.3.1 | 1.3.3 |
Expand...http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00036.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
http://www.securityfocus.com/bid/93604
http://www.tenable.com/security/research/tra-2016-12
http://www.zerodayinitiative.com/advisories/ZDI-16-570/
https://access.redhat.com/security/cve/CVE-2016-1000031
https://github.com/advisories/GHSA-7x9j-7223-rg5m
https://issues.apache.org/jira/browse/FILEUPLOAD-279
https://issues.apache.org/jira/browse/WW-4812
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2016-1000031
https://security.netapp.com/advisory/ntap-20190212-0001/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.tenable.com/security/research/tra-2016-12
https://www.tenable.com/security/research/tra-2016-23
https://www.tenable.com/security/research/tra-2016-30
| | commons-fileupload:commons-fileupload | CVE-2016-3092 | HIGH | 1.3.1 | 1.3.2 |
Expand...http://jvn.jp/en/jp/JVN89379547/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121
http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html
http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E
http://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
http://markmail.org/message/oyxfv73jb2g7rjg3
http://rhn.redhat.com/errata/RHSA-2016-2068.html
http://rhn.redhat.com/errata/RHSA-2016-2069.html
http://rhn.redhat.com/errata/RHSA-2016-2070.html
http://rhn.redhat.com/errata/RHSA-2016-2071.html
http://rhn.redhat.com/errata/RHSA-2016-2072.html
http://rhn.redhat.com/errata/RHSA-2016-2599.html
http://rhn.redhat.com/errata/RHSA-2016-2807.html
http://rhn.redhat.com/errata/RHSA-2016-2808.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?r1=1745717&r2=1749637&diff_format=h
http://svn.apache.org/viewvc?view=revision&revision=1743480
http://svn.apache.org/viewvc?view=revision&revision=1743722
http://svn.apache.org/viewvc?view=revision&revision=1743738
http://svn.apache.org/viewvc?view=revision&revision=1743742
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
http://tomcat.apache.org/security.html
http://www.debian.org/security/2016/dsa-3609
http://www.debian.org/security/2016/dsa-3611
http://www.debian.org/security/2016/dsa-3614
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/91453
http://www.securitytracker.com/id/1036427
http://www.securitytracker.com/id/1036900
http://www.securitytracker.com/id/1037029
http://www.securitytracker.com/id/1039606
http://www.ubuntu.com/usn/USN-3024-1
http://www.ubuntu.com/usn/USN-3027-1
https://access.redhat.com/errata/RHSA-2017:0455
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/security/cve/CVE-2016-3092
https://bugzilla.redhat.com/show_bug.cgi?id=1349468
https://bugzilla.redhat.com/show_bug.cgi?id=1349475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092
https://github.com/advisories/GHSA-fvm3-cfvj-gxqq
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289840
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324759
https://linux.oracle.com/cve/CVE-2016-3092.html
https://linux.oracle.com/errata/ELSA-2016-2599.html
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2016-3092
https://security.gentoo.org/glsa/201705-09
https://security.netapp.com/advisory/ntap-20190212-0001/
https://ubuntu.com/security/notices/USN-3024-1
https://ubuntu.com/security/notices/USN-3027-1
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
| | io.netty:netty-codec-http | CVE-2022-24823 | MEDIUM | 4.1.75.Final | 4.1.77.Final |
Expand...https://access.redhat.com/security/cve/CVE-2022-24823
https://github.com/advisories/GHSA-269q-hmxg-m83q
https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1
https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q
https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
https://nvd.nist.gov/vuln/detail/CVE-2022-24823
https://security.netapp.com/advisory/ntap-20220616-0004/
| | org.apache.httpcomponents:httpclient | CVE-2020-13956 | MEDIUM | 4.5.7 | 4.5.13 |
Expand...https://access.redhat.com/security/cve/CVE-2020-13956
https://bugzilla.redhat.com/show_bug.cgi?id=1886587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
https://errata.almalinux.org/8/ALSA-2022-1861.html
https://github.com/advisories/GHSA-7r82-7xv7-xcpj
https://linux.oracle.com/cve/CVE-2020-13956.html
https://linux.oracle.com/errata/ELSA-2022-1861.html
https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa804a8e43b0ef2c37749@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a5228644206acf9363f9@%3Cdev.hive.apache.org%3E
https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7dac88444dd876accb@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe5b7ba48997436f5d1@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c90dab29f131f3ebffe@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d41eee0fa7367169e0@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd4036327610eadbd89f76dd5457@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f584c7be584d2314fac3@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca6cccc024c522ef17d@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4bee52db67b2f47d4303@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603b3fa2aefafa0b619d@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5f83ee7b2eabdad707@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb376f111406a78bed13a@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be601cc9712ad2dcd1e@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a48b3ce2a6edca0e30@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074beded951d34b1c1d0d05@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a5310b02673359d9b4d1@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6aaa03f42ed1c07a89@%3Cdev.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e8931dc1e29036f17927@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fdfe3a08f92ea743b90@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8d563e67a4b6f3d8a7@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b226438c3c8c1d0de85a19@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095d07eca49046bcb89f@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d8792aac2bee75bff9a2a@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2676481bb8787fc0d7%40%3Cdev.hc.apache.org%3E
https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618f3dce4a0e32d6ea4d@%3Ccommits.drill.apache.org%3E
https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4888f50a0ac3755e6f@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a91224045988b88f0413a97ec@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246cb6392910161c389b@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a150350d4420c46443d@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d1c60f7344dab8de3b@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8a7f907e24a47a1a5e@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c390739bfbfe6c90049673@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851dfd4d21218b99b56652@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644c7a0ebdc44d77e381@%3Ccommits.turbine.apache.org%3E
https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90dad7ad7918b4b56fc@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c3193a82379afbc529f8@%3Csolr-user.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8957fe4ebabfc11f17@%3Cdev.jackrabbit.apache.org%3E
https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bbc8416604833095c42@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6a73b96003e1d9be35@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bbcd5a0d8c7f8f904b2@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e196fa2d7f50bdbc587@%3Cissues.maven.apache.org%3E
https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e967b99fc283db7ca553@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc740804451fc20c7f451ef5cc4@%3Cgitbox.hive.apache.org%3E
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed8362d17b713f61779858@%3Cissues.hive.apache.org%3E
https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80e41cf7de50058b2c1@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733e03f9ff7becf79625@%3Cissues.drill.apache.org%3E
https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062b073210779648eec2@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153cef0e448158bc54917@%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3ceb23a3fead87c9ca@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef3add0d5dea825af1e@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb196a24774ac2fa3a3@%3Cissues.lucene.apache.org%3E
https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a05caf9095e38ee150f@%3Cdev.ranger.apache.org%3E
https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254ebfefc280e5a0dcf1@%3Ccommits.creadur.apache.org%3E
https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeafa05f35c542cecc624@%3Cissues.solr.apache.org%3E
https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b26ba37070706d44c3@%3Cissues.hive.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13956
https://security.netapp.com/advisory/ntap-20220210-0002/
https://www.openwall.com/lists/oss-security/2020/10/08/4
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.apache.poi:poi | CVE-2017-12626 | HIGH | 3.15 | 3.17 |
Expand...http://www.securityfocus.com/bid/102879
https://access.redhat.com/errata/RHSA-2018:1322
https://access.redhat.com/security/cve/CVE-2017-12626
https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12626
https://github.com/advisories/GHSA-523c-xh4g-mh5m
https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E
https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2017-12626
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
| | org.apache.poi:poi | CVE-2019-12415 | MEDIUM | 3.15 | 4.1.1 |
Expand...https://access.redhat.com/security/cve/CVE-2019-12415
https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E
https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E
https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-12415
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.apache.poi:poi | CVE-2022-26336 | MEDIUM | 3.15 | 5.2.1 |
Expand...https://access.redhat.com/security/cve/CVE-2022-26336
https://github.com/advisories/GHSA-mqvp-7rrg-9jxc
https://lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09j
https://nvd.nist.gov/vuln/detail/CVE-2022-26336
| | org.apache.shiro:shiro-core | CVE-2020-11989 | CRITICAL | 1.4.0 | 1.5.3 |
Expand...https://access.redhat.com/security/cve/CVE-2020-11989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989
https://github.com/advisories/GHSA-72w9-fcj5-3fcg
https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/r408fe60bc8fdfd7c74135249d646d7abadb807ebf90f6fd2b014df21@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675%40%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/rcf3d8041e1232201fe5d74fc612a193e435784d64002409b448b58fe@%3Cdev.geode.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-11989
https://ubuntu.com/security/notices/USN-4740-1
https://www.openwall.com/lists/oss-security/2020/06/22/1
| | org.apache.shiro:shiro-core | CVE-2020-1957 | CRITICAL | 1.4.0 | 1.5.2 |
Expand...https://access.redhat.com/security/cve/CVE-2020-1957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1957
https://github.com/advisories/GHSA-26gr-cvq3-qxgf
https://github.com/apache/shiro/pull/203#issuecomment-605442534
https://lists.apache.org/thread.html/r17f371fc89d34df2d0c8131473fbc68154290e1be238895648f5a1e6%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/rb3982edf8bc8fcaa7a308e25a12d294fb4aac1f1e9d4e14fda639e77@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rc64fb2336683feff3580c3c3a8b28e80525077621089641f2f386b63@%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/04/msg00014.html
https://nvd.nist.gov/vuln/detail/CVE-2020-1957
https://ubuntu.com/security/notices/USN-4740-1
https://www.openwall.com/lists/oss-security/2020/03/23/2
| | org.apache.shiro:shiro-core | CVE-2021-41303 | CRITICAL | 1.4.0 | 1.8.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-41303
https://github.com/advisories/GHSA-f6jp-j6w3-w9hm
https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-41303
https://security.netapp.com/advisory/ntap-20220609-0001/
| | org.apache.shiro:shiro-core | CVE-2019-12422 | HIGH | 1.4.0 | 1.4.2 |
Expand...https://access.redhat.com/security/cve/CVE-2019-12422
https://github.com/advisories/GHSA-r679-m633-g7wc
https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790ce24b7dde9191c82572c@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-12422
| | org.apache.shiro:shiro-core | CVE-2020-13933 | HIGH | 1.4.0 | 1.6.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-13933
https://github.com/advisories/GHSA-2vgm-wxr3-6w2j
https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r8097b81905f2a113ebdf925bcbc6d8c9d6863c807c9ee42e1e7c9293@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rb5edf49cd1451475dbcf53826ba6ef1bb7872dd6493d6112eb0c2bad@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2020-13933
| | org.apache.shiro:shiro-spring | CVE-2020-17510 | CRITICAL | 1.4.0 | 1.7.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-17510
https://github.com/advisories/GHSA-7cj4-gj8m-m2f7
https://github.com/apache/shiro/commit/dc194fc977ab6cfbf3c1ecb085e2bac5db14af6d
https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r95bdf3703858b5f958b5e190d747421771b430d97095880db91980d6@%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2020-17510
| | org.apache.shiro:shiro-spring | CVE-2020-17523 | CRITICAL | 1.4.0 | 1.7.1 |
Expand...http://shiro.apache.org/download.html
https://access.redhat.com/security/cve/CVE-2020-17523
https://github.com/advisories/GHSA-v98j-7crc-wvrj
https://github.com/apache/shiro/pull/263
https://issues.apache.org/jira/browse/SHIRO-797
https://lists.apache.org/thread.html/r5b93ddf97e2c4cda779d22fab30539bdec454cfa5baec4ad0ffae235@%3Cgitbox.activemq.apache.org%3E
https://lists.apache.org/thread.html/r679ca97813384bdb1a4c087810ba44d9ad9c7c11583979bb7481d196@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rd4b613e121438b97e3eb263cac3137caddb1dbd8f648b73a4f1898a6@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-17523
| | org.apache.shiro:shiro-spring | CVE-2021-41303 | CRITICAL | 1.4.0 | 1.8.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-41303
https://github.com/advisories/GHSA-f6jp-j6w3-w9hm
https://lists.apache.org/thread.html/raae98bb934e4bde304465896ea02d9798e257e486d04a42221e2c41b@%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/re470be1ffea44bca28ccb0e67a4cf5d744e2d2b981d00fdbbf5abc13%40%3Cannounce.shiro.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2021-41303
https://security.netapp.com/advisory/ntap-20220609-0001/
| | org.apache.shiro:shiro-web | CVE-2020-11989 | CRITICAL | 1.4.0 | 1.5.3 |
Expand...https://access.redhat.com/security/cve/CVE-2020-11989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11989
https://github.com/advisories/GHSA-72w9-fcj5-3fcg
https://lists.apache.org/thread.html/r2d2612c034ab21a3a19d2132d47d3e4aa70105008dd58af62b653040@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/r408fe60bc8fdfd7c74135249d646d7abadb807ebf90f6fd2b014df21@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675%40%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r72815a124a119c450b86189767d06848e0d380b1795c6c511d54a675@%3Cuser.shiro.apache.org%3E
https://lists.apache.org/thread.html/rab1972d6b177f7b5c3dde9cfb0a40f03bca75f0eaf1d8311e5762cb3@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/rc8b39ea8b3ef71ddc1cd74ffc866546182683c8adecf19c263fe7ac0@%3Ccommits.shiro.apache.org%3E
https://lists.apache.org/thread.html/rcf3d8041e1232201fe5d74fc612a193e435784d64002409b448b58fe@%3Cdev.geode.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-11989
https://ubuntu.com/security/notices/USN-4740-1
https://www.openwall.com/lists/oss-security/2020/06/22/1
| | org.apache.shiro:shiro-web | CVE-2020-17523 | CRITICAL | 1.4.0 | 1.7.1 |
Expand...http://shiro.apache.org/download.html
https://access.redhat.com/security/cve/CVE-2020-17523
https://github.com/advisories/GHSA-v98j-7crc-wvrj
https://github.com/apache/shiro/pull/263
https://issues.apache.org/jira/browse/SHIRO-797
https://lists.apache.org/thread.html/r5b93ddf97e2c4cda779d22fab30539bdec454cfa5baec4ad0ffae235@%3Cgitbox.activemq.apache.org%3E
https://lists.apache.org/thread.html/r679ca97813384bdb1a4c087810ba44d9ad9c7c11583979bb7481d196@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E
https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rce5943430a6136d37a1f2fc201d245fe094e2727a0bc27e3b2d43a39%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rd4b613e121438b97e3eb263cac3137caddb1dbd8f648b73a4f1898a6@%3Cissues.activemq.apache.org%3E
https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-17523
| | org.apache.shiro:shiro-web | CVE-2020-13933 | HIGH | 1.4.0 | 1.6.0 |
Expand...https://access.redhat.com/security/cve/CVE-2020-13933
https://github.com/advisories/GHSA-2vgm-wxr3-6w2j
https://lists.apache.org/thread.html/r18b45d560d76c4260813c802771cc9678aa651fb8340e09366bfa198@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/r4506cedc401d6b8de83787f8436aac83956e411d66848c84785db46d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r4c1e1249e9e1acb868db0c80728c13f448d07333da06a0f1603c0a33@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r575301804bfac87a064359cf4b4ae9d514f2d10db7d44120765f4129@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r70098e336d02047ce4d4e69293fe8d558cd68cde06f6430398959bc4@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r70b907ccb306e9391145e2b10f56cc6914a245f91720a17a486c020a@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r8097b81905f2a113ebdf925bcbc6d8c9d6863c807c9ee42e1e7c9293@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r852971e28f54cafa7d325bd7033115c67d613b112a2a1076817390ac@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r9d93dfb5df016b1a71a808486bc8f9fbafebbdbc8533625f91253f1d@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@%3Cdev.geode.apache.org%3E
https://lists.apache.org/thread.html/rb47d88af224e396ee34ffb88ee99fb6d04510de5722cf14b7137e6bc@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/rb5edf49cd1451475dbcf53826ba6ef1bb7872dd6493d6112eb0c2bad@%3Cdev.shiro.apache.org%3E
https://lists.apache.org/thread.html/re25b8317b00a50272a7252c4552cf1a81a97984cc2111ef7728e48e0@%3Cdev.shiro.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/08/msg00002.html
https://nvd.nist.gov/vuln/detail/CVE-2020-13933
| | org.apache.xmlbeans:xmlbeans | CVE-2021-23926 | CRITICAL | 2.6.0 | 3.0.0 |
Expand...https://access.redhat.com/security/cve/CVE-2021-23926
https://github.com/advisories/GHSA-mw3r-pfmg-xp92
https://issues.apache.org/jira/browse/XMLBEANS-517
https://lists.apache.org/thread.html/r2dc5588009dc9f0310b7382269f932cc96cae4c3901b747dda1a7fed@%3Cjava-dev.axis.apache.org%3E
https://lists.apache.org/thread.html/rbb01d10512098894cd5f22325588197532c64f1c818ea7e4120d40c1@%3Cjava-dev.axis.apache.org%3E
https://lists.debian.org/debian-lts-announce/2021/06/msg00024.html
https://nvd.nist.gov/vuln/detail/CVE-2021-23926
https://poi.apache.org/
https://security.netapp.com/advisory/ntap-20210513-0004/
https://www.oracle.com/security-alerts/cpuoct2021.html
| | org.springframework:spring-core | CVE-2022-22968 | HIGH | 5.3.18 | 5.2.21, 5.3.19 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22968
https://github.com/advisories/GHSA-g5mm-vmx4-3rg7
https://nvd.nist.gov/vuln/detail/CVE-2022-22968
https://security.netapp.com/advisory/ntap-20220602-0004/
https://tanzu.vmware.com/security/cve-2022-22968
| | org.springframework:spring-core | CVE-2022-22970 | HIGH | 5.3.18 | 5.3.20, 5.2.22.RELEASE |
Expand...https://access.redhat.com/security/cve/CVE-2022-22970
https://github.com/advisories/GHSA-hh26-6xwr-ggv7
https://nvd.nist.gov/vuln/detail/CVE-2022-22970
https://security.netapp.com/advisory/ntap-20220616-0006/
https://tanzu.vmware.com/security/cve-2022-22970
| | org.springframework:spring-core | CVE-2022-22971 | MEDIUM | 5.3.18 | 5.2.22.RELEASE, 5.3.20 |
Expand...https://access.redhat.com/security/cve/CVE-2022-22971
https://github.com/advisories/GHSA-rqph-vqwm-22vc
https://nvd.nist.gov/vuln/detail/CVE-2022-22971
https://security.netapp.com/advisory/ntap-20220616-0003/
https://tanzu.vmware.com/security/cve-2022-22971
|