Commit released Helm Chart and docs for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot
2021-12-21 18:46:27 +00:00
parent 7d8245d5ce
commit c7bcde2d27
1345 changed files with 13388 additions and 3755 deletions

View File

@@ -20,16 +20,13 @@ hide:
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.allowPrivilegeEscalation&#39; to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should add &#39;ALL&#39; to &#39;securityContext.capabilities.drop&#39; </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with user ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.runAsUser&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv020">https://avd.aquasec.com/appshield/ksv020</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;RELEASE-NAME-code-server&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | <details><summary>Expand...</summary> Force the container to run with group ID &gt; 10000 to avoid conflicts with the hosts user table. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;securityContext.runAsGroup&#39; &gt; 10000 </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-runasuser/">https://kubesec.io/basics/containers-securitycontext-runasuser/</a><br><a href="https://avd.aquasec.com/appshield/ksv021">https://avd.aquasec.com/appshield/ksv021</a><br></details> |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | <details><summary>Expand...</summary> Containers should be forbidden from running with a root primary or supplementary GID. <br> <hr> <br> Deployment &#39;RELEASE-NAME-code-server&#39; should set &#39;spec.securityContext.runAsGroup&#39;, &#39;spec.securityContext.supplementalGroups[*]&#39; and &#39;spec.securityContext.fsGroup&#39; to integer greater than 0 </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv029">https://avd.aquasec.com/appshield/ksv029</a><br></details> |
## Containers
@@ -255,6 +252,7 @@ hide:
| vim-common | CVE-2021-4069 | HIGH | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069</a><br><a href="https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9">https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9</a><br><a href="https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74">https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/</a><br></details> |
| vim-common | CVE-2008-4677 | LOW | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6">http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html">http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html</a><br><a href="http://secunia.com/advisories/31464">http://secunia.com/advisories/31464</a><br><a href="http://secunia.com/advisories/34418">http://secunia.com/advisories/34418</a><br><a href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:236">http://www.mandriva.com/security/advisories?name=MDVSA-2008:236</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/06/4">http://www.openwall.com/lists/oss-security/2008/10/06/4</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/16/2">http://www.openwall.com/lists/oss-security/2008/10/16/2</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/20/2">http://www.openwall.com/lists/oss-security/2008/10/20/2</a><br><a href="http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html">http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html</a><br><a href="http://www.securityfocus.com/archive/1/495432">http://www.securityfocus.com/archive/1/495432</a><br><a href="http://www.securityfocus.com/archive/1/495436">http://www.securityfocus.com/archive/1/495436</a><br><a href="http://www.securityfocus.com/bid/30670">http://www.securityfocus.com/bid/30670</a><br><a href="http://www.vupen.com/english/advisories/2008/2379">http://www.vupen.com/english/advisories/2008/2379</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=461750">https://bugzilla.redhat.com/show_bug.cgi?id=461750</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/44419">https://exchange.xforce.ibmcloud.com/vulnerabilities/44419</a><br></details> |
| vim-common | CVE-2017-1000382 | LOW | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="http://security.cucumberlinux.com/security/details.php?id=120">http://security.cucumberlinux.com/security/details.php?id=120</a><br><a href="http://www.openwall.com/lists/oss-security/2017/10/31/1">http://www.openwall.com/lists/oss-security/2017/10/31/1</a><br></details> |
| vim-common | CVE-2021-4136 | UNKNOWN | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264">https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264</a><br><a href="https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938">https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938</a><br></details> |
| vim-tiny | CVE-2021-3770 | HIGH | 2:8.2.2434-3 | 2:8.2.2434-3+deb11u1 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/10/01/1">http://www.openwall.com/lists/oss-security/2021/10/01/1</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3770">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3770</a><br><a href="https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e">https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e</a><br><a href="https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9">https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9</a><br><a href="https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365">https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365</a><br><a href="https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/">https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/</a><br><a href="https://ubuntu.com/security/notices/USN-5093-1">https://ubuntu.com/security/notices/USN-5093-1</a><br></details> |
| vim-tiny | CVE-2021-3778 | HIGH | 2:8.2.2434-3 | 2:8.2.2434-3+deb11u1 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/10/01/1">http://www.openwall.com/lists/oss-security/2021/10/01/1</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778</a><br><a href="https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f">https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f</a><br><a href="https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273">https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3778.html">https://linux.oracle.com/cve/CVE-2021-3778.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4517.html">https://linux.oracle.com/errata/ELSA-2021-4517.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/</a><br><a href="https://ubuntu.com/security/notices/USN-5093-1">https://ubuntu.com/security/notices/USN-5093-1</a><br></details> |
| vim-tiny | CVE-2021-3796 | HIGH | 2:8.2.2434-3 | 2:8.2.2434-3+deb11u1 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/10/01/1">http://www.openwall.com/lists/oss-security/2021/10/01/1</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796</a><br><a href="https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3">https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3</a><br><a href="https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d">https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3796.html">https://linux.oracle.com/cve/CVE-2021-3796.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4517.html">https://linux.oracle.com/errata/ELSA-2021-4517.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/</a><br><a href="https://ubuntu.com/security/notices/USN-5093-1">https://ubuntu.com/security/notices/USN-5093-1</a><br></details> |
@@ -270,6 +268,7 @@ hide:
| vim-tiny | CVE-2021-4069 | HIGH | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069</a><br><a href="https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9">https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9</a><br><a href="https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74">https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/</a><br></details> |
| vim-tiny | CVE-2008-4677 | LOW | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6">http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html">http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html</a><br><a href="http://secunia.com/advisories/31464">http://secunia.com/advisories/31464</a><br><a href="http://secunia.com/advisories/34418">http://secunia.com/advisories/34418</a><br><a href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:236">http://www.mandriva.com/security/advisories?name=MDVSA-2008:236</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/06/4">http://www.openwall.com/lists/oss-security/2008/10/06/4</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/16/2">http://www.openwall.com/lists/oss-security/2008/10/16/2</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/20/2">http://www.openwall.com/lists/oss-security/2008/10/20/2</a><br><a href="http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html">http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html</a><br><a href="http://www.securityfocus.com/archive/1/495432">http://www.securityfocus.com/archive/1/495432</a><br><a href="http://www.securityfocus.com/archive/1/495436">http://www.securityfocus.com/archive/1/495436</a><br><a href="http://www.securityfocus.com/bid/30670">http://www.securityfocus.com/bid/30670</a><br><a href="http://www.vupen.com/english/advisories/2008/2379">http://www.vupen.com/english/advisories/2008/2379</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=461750">https://bugzilla.redhat.com/show_bug.cgi?id=461750</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/44419">https://exchange.xforce.ibmcloud.com/vulnerabilities/44419</a><br></details> |
| vim-tiny | CVE-2017-1000382 | LOW | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="http://security.cucumberlinux.com/security/details.php?id=120">http://security.cucumberlinux.com/security/details.php?id=120</a><br><a href="http://www.openwall.com/lists/oss-security/2017/10/31/1">http://www.openwall.com/lists/oss-security/2017/10/31/1</a><br></details> |
| vim-tiny | CVE-2021-4136 | UNKNOWN | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264">https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264</a><br><a href="https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938">https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938</a><br></details> |
| xxd | CVE-2021-3770 | HIGH | 2:8.2.2434-3 | 2:8.2.2434-3+deb11u1 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/10/01/1">http://www.openwall.com/lists/oss-security/2021/10/01/1</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3770">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3770</a><br><a href="https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e">https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e</a><br><a href="https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9">https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9</a><br><a href="https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365">https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365</a><br><a href="https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/">https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2CJLY3CF55I2ULG2X4ENXLSXAXYW5J4/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4FFQARG3LGREPDZRI4C7ERQL3RJKEWQ/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFNTMVZCN4TRTTCAXRLVQ7H2P7FYAIZQ/</a><br><a href="https://ubuntu.com/security/notices/USN-5093-1">https://ubuntu.com/security/notices/USN-5093-1</a><br></details> |
| xxd | CVE-2021-3778 | HIGH | 2:8.2.2434-3 | 2:8.2.2434-3+deb11u1 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/10/01/1">http://www.openwall.com/lists/oss-security/2021/10/01/1</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3778</a><br><a href="https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f">https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f</a><br><a href="https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273">https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3778.html">https://linux.oracle.com/cve/CVE-2021-3778.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4517.html">https://linux.oracle.com/errata/ELSA-2021-4517.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/</a><br><a href="https://ubuntu.com/security/notices/USN-5093-1">https://ubuntu.com/security/notices/USN-5093-1</a><br></details> |
| xxd | CVE-2021-3796 | HIGH | 2:8.2.2434-3 | 2:8.2.2434-3+deb11u1 | <details><summary>Expand...</summary><a href="http://www.openwall.com/lists/oss-security/2021/10/01/1">http://www.openwall.com/lists/oss-security/2021/10/01/1</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3796</a><br><a href="https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3">https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3</a><br><a href="https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d">https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d</a><br><a href="https://linux.oracle.com/cve/CVE-2021-3796.html">https://linux.oracle.com/cve/CVE-2021-3796.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4517.html">https://linux.oracle.com/errata/ELSA-2021-4517.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K4JJBIH3OQSZRVTWKCJCDLGMFGQ5DOH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S42L4Z4DTW4LHLQ4FJ33VEOXRCBE7WN4/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TE62UMYBZE4AE53K6OBBWK32XQ7544QM/</a><br><a href="https://ubuntu.com/security/notices/USN-5093-1">https://ubuntu.com/security/notices/USN-5093-1</a><br></details> |
@@ -285,6 +284,7 @@ hide:
| xxd | CVE-2021-4069 | HIGH | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4069</a><br><a href="https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9">https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9</a><br><a href="https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74">https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNXY7T5OORA7UJIMGSJBGHFMU6UZWS6P/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYB2LLNUFJUKJJ5HYCZ6MV3Z6YX3U5BN/</a><br></details> |
| xxd | CVE-2008-4677 | LOW | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6">http://groups.google.com/group/vim_dev/browse_thread/thread/2f6fad581a037971/a5fcf4c4981d34e6?show_docid=a5fcf4c4981d34e6</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html">http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html</a><br><a href="http://secunia.com/advisories/31464">http://secunia.com/advisories/31464</a><br><a href="http://secunia.com/advisories/34418">http://secunia.com/advisories/34418</a><br><a href="http://www.mandriva.com/security/advisories?name=MDVSA-2008:236">http://www.mandriva.com/security/advisories?name=MDVSA-2008:236</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/06/4">http://www.openwall.com/lists/oss-security/2008/10/06/4</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/16/2">http://www.openwall.com/lists/oss-security/2008/10/16/2</a><br><a href="http://www.openwall.com/lists/oss-security/2008/10/20/2">http://www.openwall.com/lists/oss-security/2008/10/20/2</a><br><a href="http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html">http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html</a><br><a href="http://www.securityfocus.com/archive/1/495432">http://www.securityfocus.com/archive/1/495432</a><br><a href="http://www.securityfocus.com/archive/1/495436">http://www.securityfocus.com/archive/1/495436</a><br><a href="http://www.securityfocus.com/bid/30670">http://www.securityfocus.com/bid/30670</a><br><a href="http://www.vupen.com/english/advisories/2008/2379">http://www.vupen.com/english/advisories/2008/2379</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=461750">https://bugzilla.redhat.com/show_bug.cgi?id=461750</a><br><a href="https://exchange.xforce.ibmcloud.com/vulnerabilities/44419">https://exchange.xforce.ibmcloud.com/vulnerabilities/44419</a><br></details> |
| xxd | CVE-2017-1000382 | LOW | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="http://security.cucumberlinux.com/security/details.php?id=120">http://security.cucumberlinux.com/security/details.php?id=120</a><br><a href="http://www.openwall.com/lists/oss-security/2017/10/31/1">http://www.openwall.com/lists/oss-security/2017/10/31/1</a><br></details> |
| xxd | CVE-2021-4136 | UNKNOWN | 2:8.2.2434-3 | | <details><summary>Expand...</summary><a href="https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264">https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264</a><br><a href="https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938">https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938</a><br></details> |
**gobinary**
@@ -292,13 +292,12 @@ hide:
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| golang.org/x/crypto | CVE-2020-29652 | HIGH | v0.0.0-20191206172530-e9b2fee46413 | v0.0.0-20201216223049-8b5274cf687f | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652</a><br><a href="https://go-review.googlesource.com/c/crypto/+/278852">https://go-review.googlesource.com/c/crypto/+/278852</a><br><a href="https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1">https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1</a><br><a href="https://linux.oracle.com/cve/CVE-2020-29652.html">https://linux.oracle.com/cve/CVE-2020-29652.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-1796.html">https://linux.oracle.com/errata/ELSA-2021-1796.html</a><br><a href="https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E">https://lists.apache.org/thread.html/r68032132c0399c29d6cdc7bd44918535da54060a10a12b1591328bff@%3Cnotifications.skywalking.apache.org%3E</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-29652">https://nvd.nist.gov/vuln/detail/CVE-2020-29652</a><br></details> |
| golang.org/x/crypto | CVE-2020-9283 | HIGH | v0.0.0-20191206172530-e9b2fee46413 | v0.0.0-20200220183623-bac4c82f6975 | <details><summary>Expand...</summary><a href="http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html">http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283</a><br><a href="https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY">https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html">https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html">https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html</a><br><a href="https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html">https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-9283">https://nvd.nist.gov/vuln/detail/CVE-2020-9283</a><br></details> |
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.1 | v2.2.8 | <details><summary>Expand...</summary><a href="https://github.com/kubernetes/kubernetes/issues/89535">https://github.com/kubernetes/kubernetes/issues/89535</a><br><a href="https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ">https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ</a><br><a href="https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc">https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc</a><br><a href="https://linux.oracle.com/cve/CVE-2019-11254.html">https://linux.oracle.com/cve/CVE-2019-11254.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-5653.html">https://linux.oracle.com/errata/ELSA-2020-5653.html</a><br><a href="https://security.netapp.com/advisory/ntap-20200413-0003/">https://security.netapp.com/advisory/ntap-20200413-0003/</a><br></details> |
| gopkg.in/yaml.v2 | CVE-2019-11254 | MEDIUM | v2.2.1 | 2.2.8 | <details><summary>Expand...</summary><a href="https://github.com/kubernetes/kubernetes/issues/89535">https://github.com/kubernetes/kubernetes/issues/89535</a><br><a href="https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ">https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ</a><br><a href="https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc">https://groups.google.com/forum/#!topic/kubernetes-security-announce/wuwEwZigXBc</a><br><a href="https://linux.oracle.com/cve/CVE-2019-11254.html">https://linux.oracle.com/cve/CVE-2019-11254.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2020-5653.html">https://linux.oracle.com/errata/ELSA-2020-5653.html</a><br><a href="https://security.netapp.com/advisory/ntap-20200413-0003/">https://security.netapp.com/advisory/ntap-20200413-0003/</a><br></details> |
| gopkg.in/yaml.v2 | GMS-2019-2 | UNKNOWN | v2.2.1 | v2.2.3 | <details><summary>Expand...</summary><a href="https://github.com/docker/cli/pull/2117">https://github.com/docker/cli/pull/2117</a><br></details> |
| gopkg.in/yaml.v2 | GO-2021-0061 | UNKNOWN | v2.2.1 | v2.2.3 | <details><summary>Expand...</summary></details> |
| gopkg.in/yaml.v2 | GO-2021-0061 | UNKNOWN | v2.2.1 | 2.2.3 | <details><summary>Expand...</summary></details> |